GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-08-17 18:11:14 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500325AS rev.0002SDM1 465,76GB Running: 8d9xt1hq.exe; Driver: C:\Users\Oskar\AppData\Local\Temp\awddrkog.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000140000460 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000140000450 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000140000370 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000140000470 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001400003e0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000140000320 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001400003b0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000140000390 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001400002e0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001400002d0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000140000310 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001400003c0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001400003f0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000140000230 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000140000480 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001400003a0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001400002f0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000140000350 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000140000290 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001400002b0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001400003d0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000140000330 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000140000410 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000140000240 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001400001e0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000140000250 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000140000490 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001400004a0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000140000300 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000140000360 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001400002a0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001400002c0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000140000380 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000140000340 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000140000440 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000140000260 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000140000270 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000140000400 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001400001f0 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000140000210 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000140000200 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000140000420 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000140000430 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000140000220 .text C:\Windows\system32\csrss.exe[492] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000140000280 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000100040460 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000100040450 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000100040370 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000100040470 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001000403e0 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000100040320 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001000403b0 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000100040390 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001000402e0 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001000402d0 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000100040310 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001000403c0 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001000403f0 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000100040230 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000100040480 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001000403a0 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001000402f0 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000100040350 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000100040290 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001000402b0 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001000403d0 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000100040330 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000100040410 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000100040240 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001000401e0 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000100040250 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000100040490 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001000404a0 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000100040300 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000100040360 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001000402a0 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001000402c0 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000100040380 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000100040340 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000100040440 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000100040260 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000100040270 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000100040400 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001000401f0 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000100040210 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000100040200 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000100040420 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000100040430 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000100040220 .text C:\Windows\system32\wininit.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000100040280 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000140000460 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000140000450 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000140000370 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000140000470 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001400003e0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000140000320 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001400003b0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000140000390 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001400002e0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001400002d0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000140000310 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001400003c0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001400003f0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000140000230 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000140000480 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001400003a0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001400002f0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000140000350 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000140000290 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001400002b0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001400003d0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000140000330 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000140000410 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000140000240 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001400001e0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000140000250 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000140000490 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001400004a0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000140000300 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000140000360 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001400002a0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001400002c0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000140000380 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000140000340 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000140000440 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000140000260 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000140000270 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000140000400 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001400001f0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000140000210 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000140000200 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000140000420 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000140000430 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000140000220 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000140000280 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000140000460 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000140000450 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000140000370 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000140000470 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001400003e0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000140000320 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001400003b0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000140000390 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001400002e0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001400002d0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000140000310 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001400003c0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001400003f0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000140000230 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000140000480 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001400003a0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001400002f0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000140000350 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000140000290 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001400002b0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001400003d0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000140000330 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000140000410 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000140000240 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001400001e0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000140000250 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000140000490 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001400004a0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000140000300 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000140000360 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001400002a0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001400002c0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000140000380 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000140000340 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000140000440 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000140000260 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000140000270 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000140000400 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001400001f0 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000140000210 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000140000200 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000140000420 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000140000430 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000140000220 .text C:\Windows\system32\services.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000140000280 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000140000460 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000140000450 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000140000370 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000140000470 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001400003e0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000140000320 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001400003b0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000140000390 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001400002e0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001400002d0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000140000310 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001400003c0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001400003f0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000140000230 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000140000480 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001400003a0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001400002f0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000140000350 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000140000290 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001400002b0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001400003d0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000140000330 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000140000410 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000140000240 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001400001e0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000140000250 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000140000490 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001400004a0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000140000300 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000140000360 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001400002a0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001400002c0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000140000380 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000140000340 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000140000440 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000140000260 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000140000270 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000140000400 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001400001f0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000140000210 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000140000200 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000140000420 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000140000430 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000140000220 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000140000280 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000140000460 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000140000450 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000140000370 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000140000470 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001400003e0 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000140000320 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001400003b0 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000140000390 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001400002e0 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001400002d0 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000140000310 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001400003c0 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001400003f0 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000140000230 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000140000480 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001400003a0 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001400002f0 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000140000350 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000140000290 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001400002b0 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001400003d0 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000140000330 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000140000410 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000140000240 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001400001e0 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000140000250 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000140000490 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001400004a0 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000140000300 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000140000360 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001400002a0 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001400002c0 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000140000380 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000140000340 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000140000440 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000140000260 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000140000270 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000140000400 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001400001f0 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000140000210 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000140000200 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000140000420 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000140000430 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000140000220 .text C:\Windows\system32\lsm.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000140000280 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000140000460 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000140000450 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000140000370 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000140000470 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001400003e0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000140000320 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001400003b0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000140000390 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001400002e0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001400002d0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000140000310 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001400003c0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001400003f0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000140000230 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000140000480 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001400003a0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001400002f0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000140000350 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000140000290 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001400002b0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001400003d0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000140000330 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000140000410 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000140000240 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001400001e0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000140000250 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000140000490 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001400004a0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000140000300 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000140000360 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001400002a0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001400002c0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000140000380 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000140000340 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000140000440 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000140000260 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000140000270 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000140000400 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001400001f0 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000140000210 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000140000200 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000140000420 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000140000430 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000140000220 .text C:\Windows\system32\svchost.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000140000280 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000140000460 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000140000450 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000140000370 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000140000470 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001400003e0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000140000320 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001400003b0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000140000390 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001400002e0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001400002d0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000140000310 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001400003c0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001400003f0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000140000230 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000140000480 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001400003a0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001400002f0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000140000350 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000140000290 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001400002b0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001400003d0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000140000330 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000140000410 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000140000240 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001400001e0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000140000250 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000140000490 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001400004a0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000140000300 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000140000360 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001400002a0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001400002c0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000140000380 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000140000340 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000140000440 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000140000260 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000140000270 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000140000400 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001400001f0 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000140000210 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000140000200 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000140000420 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000140000430 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000140000220 .text C:\Windows\system32\winlogon.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000140000280 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000140000460 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000140000450 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000140000370 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000140000470 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001400003e0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000140000320 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001400003b0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000140000390 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001400002e0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001400002d0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000140000310 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001400003c0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001400003f0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000140000230 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000140000480 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001400003a0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001400002f0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000140000350 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000140000290 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001400002b0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001400003d0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000140000330 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000140000410 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000140000240 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001400001e0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000140000250 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000140000490 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001400004a0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000140000300 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000140000360 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001400002a0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001400002c0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000140000380 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000140000340 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000140000440 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000140000260 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000140000270 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000140000400 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001400001f0 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000140000210 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000140000200 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000140000420 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000140000430 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000140000220 .text C:\Windows\system32\nvvsvc.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000140000280 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000140000460 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000140000450 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000140000370 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000140000470 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001400003e0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000140000320 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001400003b0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000140000390 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001400002e0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001400002d0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000140000310 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001400003c0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001400003f0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000140000230 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000140000480 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001400003a0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001400002f0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000140000350 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000140000290 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001400002b0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001400003d0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000140000330 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000140000410 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000140000240 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001400001e0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000140000250 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000140000490 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001400004a0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000140000300 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000140000360 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001400002a0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001400002c0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000140000380 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000140000340 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000140000440 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000140000260 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000140000270 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000140000400 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001400001f0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000140000210 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000140000200 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000140000420 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000140000430 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000140000220 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000140000280 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000140000460 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000140000450 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000140000370 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000140000470 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001400003e0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000140000320 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001400003b0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000140000390 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001400002e0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001400002d0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000140000310 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001400003c0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001400003f0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000140000230 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000140000480 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001400003a0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001400002f0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000140000350 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000140000290 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001400002b0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001400003d0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000140000330 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000140000410 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000140000240 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001400001e0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000140000250 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000140000490 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001400004a0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000140000300 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000140000360 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001400002a0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001400002c0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000140000380 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000140000340 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000140000440 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000140000260 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000140000270 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000140000400 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001400001f0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000140000210 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000140000200 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000140000420 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000140000430 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000140000220 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000140000280 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000140000460 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000140000450 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000140000370 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000140000470 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001400003e0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000140000320 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001400003b0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000140000390 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001400002e0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001400002d0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000140000310 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001400003c0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001400003f0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000140000230 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000140000480 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001400003a0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001400002f0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000140000350 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000140000290 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001400002b0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001400003d0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000140000330 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000140000410 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000140000240 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001400001e0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000140000250 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000140000490 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001400004a0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000140000300 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000140000360 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001400002a0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001400002c0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000140000380 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000140000340 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000140000440 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000140000260 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000140000270 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000140000400 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001400001f0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000140000210 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000140000200 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000140000420 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000140000430 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000140000220 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000140000280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000140000460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000140000450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000140000370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000140000470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001400003e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000140000320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001400003b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000140000390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001400002e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001400002d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000140000310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001400003c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001400003f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000140000230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000140000480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001400003a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001400002f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000140000350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000140000290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001400002b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001400003d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000140000330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000140000410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000140000240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001400001e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000140000250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000140000490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001400004a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000140000300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000140000360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001400002a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001400002c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000140000380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000140000340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000140000440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000140000260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000140000270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000140000400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001400001f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000140000210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000140000200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000140000420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000140000430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000140000220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000140000280 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000140000460 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000140000450 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000140000370 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000140000470 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001400003e0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000140000320 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001400003b0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000140000390 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001400002e0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001400002d0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000140000310 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001400003c0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001400003f0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000140000230 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000140000480 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001400003a0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001400002f0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000140000350 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000140000290 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001400002b0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001400003d0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000140000330 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000140000410 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000140000240 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001400001e0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000140000250 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000140000490 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001400004a0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000140000300 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000140000360 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001400002a0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001400002c0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000140000380 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000140000340 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000140000440 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000140000260 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000140000270 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000140000400 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001400001f0 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000140000210 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000140000200 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000140000420 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000140000430 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000140000220 .text C:\Windows\system32\nvvsvc.exe[1200] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000140000280 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000140000460 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000140000450 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000140000370 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000140000470 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001400003e0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000140000320 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001400003b0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000140000390 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001400002e0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001400002d0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000140000310 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001400003c0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001400003f0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000140000230 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000140000480 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001400003a0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001400002f0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000140000350 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000140000290 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001400002b0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001400003d0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000140000330 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000140000410 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000140000240 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001400001e0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000140000250 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000140000490 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001400004a0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000140000300 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000140000360 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001400002a0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001400002c0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000140000380 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000140000340 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000140000440 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000140000260 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000140000270 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000140000400 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001400001f0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000140000210 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000140000200 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000140000420 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000140000430 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000140000220 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000140000280 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000100070370 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000100070470 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000100070320 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000100070390 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000100070310 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000100070230 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000100070480 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000100070350 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000100070290 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000100070330 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000100070250 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000100070490 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000100070200 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000100070420 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000100070430 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\Dwm.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000100070280 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000140000460 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000140000450 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000140000370 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000140000470 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001400003e0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000140000320 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001400003b0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000140000390 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001400002e0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001400002d0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000140000310 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001400003c0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001400003f0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000140000230 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000140000480 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001400003a0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001400002f0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000140000350 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000140000290 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001400002b0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001400003d0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000140000330 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000140000410 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000140000240 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001400001e0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000140000250 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000140000490 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001400004a0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000140000300 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000140000360 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001400002a0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001400002c0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000140000380 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000140000340 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000140000440 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000140000260 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000140000270 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000140000400 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001400001f0 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000140000210 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000140000200 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000140000420 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000140000430 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000140000220 .text C:\Windows\Explorer.EXE[1528] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000140000280 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000140000460 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000140000450 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000140000370 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000140000470 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001400003e0 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000140000320 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001400003b0 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000140000390 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001400002e0 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001400002d0 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000140000310 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001400003c0 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001400003f0 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000140000230 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000140000480 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001400003a0 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001400002f0 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000140000350 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000140000290 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001400002b0 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001400003d0 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000140000330 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000140000410 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000140000240 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001400001e0 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000140000250 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000140000490 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001400004a0 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000140000300 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000140000360 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001400002a0 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001400002c0 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000140000380 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000140000340 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000140000440 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000140000260 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000140000270 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000140000400 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001400001f0 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000140000210 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000140000200 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000140000420 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000140000430 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000140000220 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000140000280 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000140000460 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000140000450 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000140000370 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000140000470 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001400003e0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000140000320 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001400003b0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000140000390 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001400002e0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001400002d0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000140000310 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001400003c0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001400003f0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000140000230 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000140000480 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001400003a0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001400002f0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000140000350 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000140000290 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001400002b0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001400003d0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000140000330 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000140000410 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000140000240 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001400001e0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000140000250 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000140000490 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001400004a0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000140000300 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000140000360 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001400002a0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001400002c0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000140000380 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000140000340 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000140000440 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000140000260 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000140000270 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000140000400 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001400001f0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000140000210 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000140000200 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000140000420 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000140000430 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000140000220 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000140000280 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000100060460 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000100060450 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000100060370 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000100060470 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001000603e0 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000100060320 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001000603b0 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000100060390 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001000602e0 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001000602d0 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000100060310 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001000603c0 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001000603f0 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000100060230 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000100060480 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001000603a0 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001000602f0 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000100060350 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000100060290 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001000602b0 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001000603d0 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000100060330 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000100060410 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000100060240 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001000601e0 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000100060250 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000100060490 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001000604a0 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000100060300 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000100060360 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001000602a0 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001000602c0 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000100060380 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000100060340 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000100060440 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000100060260 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000100060270 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000100060400 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001000601f0 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000100060210 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000100060200 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000100060420 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000100060430 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000100060220 .text C:\Windows\system32\taskhost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000100060280 .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1844] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000768cd03c 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000140000460 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000140000450 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000140000370 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000140000470 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001400003e0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000140000320 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001400003b0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000140000390 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001400002e0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001400002d0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000140000310 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001400003c0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001400003f0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000140000230 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000140000480 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001400003a0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001400002f0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000140000350 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000140000290 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001400002b0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001400003d0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000140000330 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000140000410 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000140000240 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001400001e0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000140000250 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000140000490 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001400004a0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000140000300 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000140000360 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001400002a0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001400002c0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000140000380 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000140000340 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000140000440 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000140000260 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000140000270 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000140000400 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001400001f0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000140000210 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000140000200 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000140000420 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000140000430 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000140000220 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000140000280 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000140000460 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000140000450 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000140000370 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000140000470 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001400003e0 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000140000320 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001400003b0 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000140000390 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001400002e0 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001400002d0 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000140000310 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001400003c0 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001400003f0 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000140000230 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000140000480 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001400003a0 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001400002f0 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000140000350 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000140000290 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001400002b0 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001400003d0 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000140000330 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000140000410 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000140000240 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001400001e0 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000140000250 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000140000490 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001400004a0 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000140000300 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000140000360 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001400002a0 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001400002c0 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000140000380 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000140000340 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000140000440 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000140000260 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000140000270 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000140000400 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001400001f0 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000140000210 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000140000200 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000140000420 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000140000430 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000140000220 .text C:\Windows\system32\svchost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000140000280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000140000460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000140000450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000140000370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000140000470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001400003e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000140000320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001400003b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000140000390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001400002e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001400002d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000140000310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001400003c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001400003f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000140000230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000140000480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001400003a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001400002f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000140000350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000140000290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001400002b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001400003d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000140000330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000140000410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000140000240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001400001e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000140000250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000140000490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001400004a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000140000300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000140000360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001400002a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001400002c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000140000380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000140000340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000140000440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000140000260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000140000270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000140000400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001400001f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000140000210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000140000200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000140000420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000140000430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000140000220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3284] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000140000280 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000140000460 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000140000450 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000140000370 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000140000470 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001400003e0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000140000320 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001400003b0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000140000390 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001400002e0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001400002d0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000140000310 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001400003c0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001400003f0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000140000230 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000140000480 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001400003a0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001400002f0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000140000350 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000140000290 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001400002b0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001400003d0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000140000330 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000140000410 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000140000240 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001400001e0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000140000250 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000140000490 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001400004a0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000140000300 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000140000360 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001400002a0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001400002c0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000140000380 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000140000340 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000140000440 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000140000260 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000140000270 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000140000400 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001400001f0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000140000210 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000140000200 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000140000420 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000140000430 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000140000220 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000140000280 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlSecondsSince1970ToTime + 451 00000000776c11d3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000776c142f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000776c1584 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000776c190e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000776c1c44 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000776c1dc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000776c1f4f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 76 00000000776c1fcc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 580 00000000776c2284 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 318 00000000776c28ae 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 00000000776c2903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 00000000776c2a10 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 239 00000000776c2b0f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 00000000776c2b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776c2cb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776c2cd2 8 bytes {JMP 0x10} .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000776c2d2f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000776c2d98 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 328 00000000776c3168 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 662 00000000776c32b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000776c37d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 00000000776c3881 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000776c38f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000776c3a36 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000776c3a74 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 774 00000000776c3d86 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000776c434c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 358 00000000776c4396 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 195 00000000776c5213 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 579 00000000776c55b3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!A_SHAInit + 212 00000000776c56c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateServiceSid + 327 00000000776c5817 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!A_SHAFinal + 262 00000000776c5926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!A_SHAFinal + 307 00000000776c5953 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!A_SHAUpdate + 160 00000000776c5a00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlGetGroupSecurityDescriptor + 518 00000000776c6df6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!EvtIntReportEventAndSourceAsync + 967 00000000776c7eb7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlGetLongestNtPathLength + 6 00000000776c8286 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!wcscspn + 75 00000000776c8303 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlUTF8ToUnicodeN + 274 00000000776c8582 8 bytes {JMP 0x10} .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlUTF8ToUnicodeN + 892 00000000776c87ec 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlPcToFileHeader + 360 00000000776c8968 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!atol + 80 00000000776c89ec 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!atol + 200 00000000776c8a64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000776c8c6c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000776c8cad 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000776c8cc4 8 bytes [30, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000776c8d1c 8 bytes [20, 6C, F8, FF, 00, 00, 00, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!RtlHashUnicodeString + 924 00000000776c90cc 8 bytes {JMP 0xffffffffffffff9e} .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000140000460 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007770ff80 8 bytes {JMP QWORD [RIP-0x4726a]} .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000140000450 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077710100 8 bytes {JMP QWORD [RIP-0x4703a]} .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000140000370 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077710130 8 bytes {JMP QWORD [RIP-0x47489]} .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000140000470 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001400003e0 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000140000320 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001400003b0 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000140000390 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001400002e0 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077710300 8 bytes {JMP QWORD [RIP-0x47642]} .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001400002d0 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000140000310 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001400003c0 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001400003f0 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000140000230 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000140000480 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001400003a0 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001400002f0 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000140000350 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000140000290 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001400002b0 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001400003d0 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000140000330 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000140000410 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000140000240 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077710b80 8 bytes {JMP QWORD [RIP-0x47910]} .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001400001e0 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000140000250 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000140000490 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001400004a0 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000140000300 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000140000360 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001400002a0 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001400002c0 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000140000380 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000140000340 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000140000440 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000140000260 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000140000270 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000140000400 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001400001f0 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000140000210 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000140000200 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000140000420 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000140000430 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000140000220 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000140000280 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000753413cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007534146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000753416d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000753419db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000753419fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075341a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000140000460 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000140000450 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000140000370 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000140000470 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001400003e0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000140000320 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001400003b0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000140000390 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001400002e0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001400002d0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000140000310 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001400003c0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001400003f0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000140000230 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000140000480 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001400003a0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001400002f0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000140000350 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000140000290 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001400002b0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001400003d0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000140000330 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000140000410 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000140000240 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001400001e0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000140000250 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000140000490 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001400004a0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000140000300 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000140000360 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001400002a0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001400002c0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000140000380 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000140000340 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000140000440 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000140000260 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000140000270 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000140000400 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001400001f0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000140000210 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000140000200 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000140000420 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000140000430 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000140000220 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3868] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000140000280 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlSecondsSince1970ToTime + 451 00000000776c11d3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000776c142f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000776c1584 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000776c190e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000776c1c44 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000776c1dc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000776c1f4f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 76 00000000776c1fcc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 580 00000000776c2284 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 318 00000000776c28ae 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 00000000776c2903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 00000000776c2a10 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 239 00000000776c2b0f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 00000000776c2b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776c2cb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776c2cd2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000776c2d2f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000776c2d98 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 328 00000000776c3168 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 662 00000000776c32b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000776c37d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 00000000776c3881 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000776c38f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000776c3a36 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000776c3a74 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 774 00000000776c3d86 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000776c434c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 358 00000000776c4396 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 195 00000000776c5213 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 579 00000000776c55b3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!A_SHAInit + 212 00000000776c56c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateServiceSid + 327 00000000776c5817 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!A_SHAFinal + 262 00000000776c5926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!A_SHAFinal + 307 00000000776c5953 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!A_SHAUpdate + 160 00000000776c5a00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlGetGroupSecurityDescriptor + 518 00000000776c6df6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!EvtIntReportEventAndSourceAsync + 967 00000000776c7eb7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlGetLongestNtPathLength + 6 00000000776c8286 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!wcscspn + 75 00000000776c8303 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlUTF8ToUnicodeN + 274 00000000776c8582 8 bytes {JMP 0x10} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlUTF8ToUnicodeN + 892 00000000776c87ec 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlPcToFileHeader + 360 00000000776c8968 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!atol + 80 00000000776c89ec 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!atol + 200 00000000776c8a64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000776c8c6c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000776c8cad 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000776c8cc4 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000776c8d1c 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!RtlHashUnicodeString + 924 00000000776c90cc 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 00000001000d0460 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007770ff80 8 bytes {JMP QWORD [RIP-0x4726a]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 00000001000d0450 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077710100 8 bytes {JMP QWORD [RIP-0x4703a]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 00000001000d0370 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077710130 8 bytes {JMP QWORD [RIP-0x47489]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 00000001000d0470 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001000d03e0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 00000001000d0320 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001000d03b0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 00000001000d0390 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001000d02e0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077710300 8 bytes {JMP QWORD [RIP-0x47642]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001000d02d0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 00000001000d0310 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001000d03c0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001000d03f0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 00000001000d0230 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 00000001000d0480 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001000d03a0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001000d02f0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 00000001000d0350 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 00000001000d0290 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001000d02b0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001000d03d0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 00000001000d0330 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 00000001000d0410 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 00000001000d0240 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077710b80 8 bytes {JMP QWORD [RIP-0x47910]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001000d01e0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 00000001000d0250 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 00000001000d0490 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001000d04a0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 00000001000d0300 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 00000001000d0360 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001000d02a0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001000d02c0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 00000001000d0380 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 00000001000d0340 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 00000001000d0440 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 00000001000d0260 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 00000001000d0270 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 00000001000d0400 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001000d01f0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 00000001000d0210 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 00000001000d0200 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 00000001000d0420 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 00000001000d0430 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 00000001000d0220 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 00000001000d0280 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000753413cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007534146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000753416d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000753419db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000753419fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3556] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075341a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000140000460 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000140000450 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000140000370 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000140000470 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001400003e0 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000140000320 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001400003b0 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000140000390 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001400002e0 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001400002d0 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000140000310 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001400003c0 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001400003f0 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000140000230 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000140000480 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001400003a0 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001400002f0 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000140000350 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000140000290 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001400002b0 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001400003d0 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000140000330 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000140000410 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000140000240 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001400001e0 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000140000250 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000140000490 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001400004a0 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000140000300 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000140000360 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001400002a0 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001400002c0 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000140000380 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000140000340 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000140000440 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000140000260 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000140000270 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000140000400 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001400001f0 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000140000210 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000140000200 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000140000420 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000140000430 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000140000220 .text C:\Windows\System32\svchost.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000140000280 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000140000460 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000140000450 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000140000370 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000140000470 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001400003e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000140000320 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001400003b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000140000390 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001400002e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001400002d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000140000310 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001400003c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001400003f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000140000230 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000140000480 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001400003a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001400002f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000140000350 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000140000290 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001400002b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001400003d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000140000330 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000140000410 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000140000240 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001400001e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000140000250 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000140000490 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001400004a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000140000300 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000140000360 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001400002a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001400002c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000140000380 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000140000340 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000140000440 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000140000260 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000140000270 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000140000400 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001400001f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000140000210 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000140000200 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000140000420 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000140000430 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000140000220 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2836] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000140000280 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000140000460 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000140000450 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000140000370 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000140000470 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001400003e0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000140000320 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001400003b0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000140000390 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001400002e0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001400002d0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000140000310 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001400003c0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001400003f0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000140000230 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000140000480 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001400003a0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001400002f0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000140000350 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000140000290 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001400002b0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001400003d0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000140000330 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000140000410 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000140000240 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001400001e0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000140000250 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000140000490 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001400004a0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000140000300 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000140000360 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001400002a0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001400002c0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000140000380 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000140000340 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000140000440 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000140000260 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000140000270 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000140000400 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001400001f0 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000140000210 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000140000200 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000140000420 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000140000430 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000140000220 .text C:\Windows\System32\svchost.exe[3164] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000140000280 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlSecondsSince1970ToTime + 451 00000000776c11d3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000776c142f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000776c1584 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000776c190e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000776c1c44 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000776c1dc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000776c1f4f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 76 00000000776c1fcc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 580 00000000776c2284 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 318 00000000776c28ae 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 00000000776c2903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 00000000776c2a10 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 239 00000000776c2b0f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 00000000776c2b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776c2cb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776c2cd2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000776c2d2f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000776c2d98 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 328 00000000776c3168 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 662 00000000776c32b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000776c37d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 00000000776c3881 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000776c38f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000776c3a36 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000776c3a74 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 774 00000000776c3d86 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000776c434c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 358 00000000776c4396 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 195 00000000776c5213 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 579 00000000776c55b3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!A_SHAInit + 212 00000000776c56c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateServiceSid + 327 00000000776c5817 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!A_SHAFinal + 262 00000000776c5926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!A_SHAFinal + 307 00000000776c5953 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!A_SHAUpdate + 160 00000000776c5a00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlGetGroupSecurityDescriptor + 518 00000000776c6df6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!EvtIntReportEventAndSourceAsync + 967 00000000776c7eb7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlGetLongestNtPathLength + 6 00000000776c8286 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!wcscspn + 75 00000000776c8303 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlUTF8ToUnicodeN + 274 00000000776c8582 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlUTF8ToUnicodeN + 892 00000000776c87ec 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlPcToFileHeader + 360 00000000776c8968 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!atol + 80 00000000776c89ec 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!atol + 200 00000000776c8a64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000776c8c6c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000776c8cad 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000776c8cc4 8 bytes [30, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000776c8d1c 8 bytes [20, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!RtlHashUnicodeString + 924 00000000776c90cc 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000100090460 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007770ff80 8 bytes {JMP QWORD [RIP-0x4726a]} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000100090450 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077710100 8 bytes {JMP QWORD [RIP-0x4703a]} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000100090370 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077710130 8 bytes {JMP QWORD [RIP-0x47489]} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000100090470 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001000903e0 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000100090320 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001000903b0 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000100090390 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001000902e0 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077710300 8 bytes {JMP QWORD [RIP-0x47642]} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001000902d0 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000100090310 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001000903c0 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001000903f0 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000100090230 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000100090480 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001000903a0 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001000902f0 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000100090350 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000100090290 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001000902b0 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001000903d0 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000100090330 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000100090410 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000100090240 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077710b80 8 bytes {JMP QWORD [RIP-0x47910]} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001000901e0 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000100090250 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000100090490 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001000904a0 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000100090300 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000100090360 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001000902a0 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001000902c0 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000100090380 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000100090340 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000100090440 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000100090260 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000100090270 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000100090400 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001000901f0 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000100090210 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000100090200 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000100090420 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000100090430 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000100090220 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000100090280 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000753413cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007534146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000753416d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000753419db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000753419fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4416] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075341a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlSecondsSince1970ToTime + 451 00000000776c11d3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000776c142f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000776c1584 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000776c190e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000776c1c44 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000776c1dc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000776c1f4f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 76 00000000776c1fcc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 580 00000000776c2284 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 318 00000000776c28ae 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 00000000776c2903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 00000000776c2a10 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 239 00000000776c2b0f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 00000000776c2b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776c2cb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776c2cd2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000776c2d2f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000776c2d98 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 328 00000000776c3168 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 662 00000000776c32b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000776c37d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 00000000776c3881 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000776c38f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000776c3a36 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000776c3a74 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 774 00000000776c3d86 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000776c434c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 358 00000000776c4396 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 195 00000000776c5213 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 579 00000000776c55b3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!A_SHAInit + 212 00000000776c56c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateServiceSid + 327 00000000776c5817 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!A_SHAFinal + 262 00000000776c5926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!A_SHAFinal + 307 00000000776c5953 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!A_SHAUpdate + 160 00000000776c5a00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlGetGroupSecurityDescriptor + 518 00000000776c6df6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!EvtIntReportEventAndSourceAsync + 967 00000000776c7eb7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlGetLongestNtPathLength + 6 00000000776c8286 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!wcscspn + 75 00000000776c8303 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlUTF8ToUnicodeN + 274 00000000776c8582 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlUTF8ToUnicodeN + 892 00000000776c87ec 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlPcToFileHeader + 360 00000000776c8968 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!atol + 80 00000000776c89ec 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!atol + 200 00000000776c8a64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000776c8c6c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000776c8cad 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000776c8cc4 8 bytes [30, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000776c8d1c 8 bytes [20, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!RtlHashUnicodeString + 924 00000000776c90cc 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000140000460 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007770ff80 8 bytes {JMP QWORD [RIP-0x4726a]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000140000450 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077710100 8 bytes {JMP QWORD [RIP-0x4703a]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000140000370 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077710130 8 bytes {JMP QWORD [RIP-0x47489]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000140000470 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001400003e0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000140000320 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001400003b0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000140000390 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001400002e0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077710300 8 bytes {JMP QWORD [RIP-0x47642]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001400002d0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000140000310 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001400003c0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001400003f0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000140000230 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000140000480 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001400003a0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001400002f0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000140000350 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000140000290 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001400002b0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001400003d0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000140000330 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000140000410 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000140000240 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077710b80 8 bytes {JMP QWORD [RIP-0x47910]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001400001e0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000140000250 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000140000490 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001400004a0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000140000300 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000140000360 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001400002a0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001400002c0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000140000380 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000140000340 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000140000440 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000140000260 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000140000270 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000140000400 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001400001f0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000140000210 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000140000200 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000140000420 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000140000430 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000140000220 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000140000280 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000753413cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007534146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000753416d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000753419db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000753419fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[4560] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075341a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlSecondsSince1970ToTime + 451 00000000776c11d3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000776c142f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000776c1584 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000776c190e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000776c1c44 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000776c1dc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000776c1f4f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 76 00000000776c1fcc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 580 00000000776c2284 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 318 00000000776c28ae 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 00000000776c2903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 00000000776c2a10 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 239 00000000776c2b0f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 00000000776c2b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776c2cb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776c2cd2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000776c2d2f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000776c2d98 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 328 00000000776c3168 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 662 00000000776c32b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000776c37d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 00000000776c3881 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000776c38f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000776c3a36 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000776c3a74 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 774 00000000776c3d86 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000776c434c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 358 00000000776c4396 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 195 00000000776c5213 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 579 00000000776c55b3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!A_SHAInit + 212 00000000776c56c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateServiceSid + 327 00000000776c5817 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!A_SHAFinal + 262 00000000776c5926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!A_SHAFinal + 307 00000000776c5953 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!A_SHAUpdate + 160 00000000776c5a00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlGetGroupSecurityDescriptor + 518 00000000776c6df6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!EvtIntReportEventAndSourceAsync + 967 00000000776c7eb7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlGetLongestNtPathLength + 6 00000000776c8286 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!wcscspn + 75 00000000776c8303 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlUTF8ToUnicodeN + 274 00000000776c8582 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlUTF8ToUnicodeN + 892 00000000776c87ec 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlPcToFileHeader + 360 00000000776c8968 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!atol + 80 00000000776c89ec 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!atol + 200 00000000776c8a64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000776c8c6c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000776c8cad 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000776c8cc4 8 bytes [30, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000776c8d1c 8 bytes [20, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!RtlHashUnicodeString + 924 00000000776c90cc 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000100090460 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007770ff80 8 bytes {JMP QWORD [RIP-0x4726a]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000100090450 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077710100 8 bytes {JMP QWORD [RIP-0x4703a]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000100090370 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077710130 8 bytes {JMP QWORD [RIP-0x47489]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000100090470 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001000903e0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000100090320 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001000903b0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000100090390 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001000902e0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077710300 8 bytes {JMP QWORD [RIP-0x47642]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001000902d0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000100090310 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001000903c0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001000903f0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000100090230 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000100090480 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001000903a0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001000902f0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000100090350 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000100090290 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001000902b0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001000903d0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000100090330 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000100090410 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000100090240 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077710b80 8 bytes {JMP QWORD [RIP-0x47910]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001000901e0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000100090250 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000100090490 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001000904a0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000100090300 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000100090360 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001000902a0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001000902c0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000100090380 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000100090340 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000100090440 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000100090260 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000100090270 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000100090400 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001000901f0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000100090210 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000100090200 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000100090420 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000100090430 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000100090220 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000100090280 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000753413cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007534146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000753416d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000753419db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000753419fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[736] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075341a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlSecondsSince1970ToTime + 451 00000000776c11d3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000776c142f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000776c1584 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000776c190e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000776c1c44 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000776c1dc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000776c1f4f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 76 00000000776c1fcc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 580 00000000776c2284 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 318 00000000776c28ae 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 00000000776c2903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 00000000776c2a10 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 239 00000000776c2b0f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 00000000776c2b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776c2cb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776c2cd2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000776c2d2f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000776c2d98 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 328 00000000776c3168 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 662 00000000776c32b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000776c37d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 00000000776c3881 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000776c38f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000776c3a36 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000776c3a74 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 774 00000000776c3d86 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000776c434c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 358 00000000776c4396 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 195 00000000776c5213 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 579 00000000776c55b3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!A_SHAInit + 212 00000000776c56c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateServiceSid + 327 00000000776c5817 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!A_SHAFinal + 262 00000000776c5926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!A_SHAFinal + 307 00000000776c5953 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!A_SHAUpdate + 160 00000000776c5a00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlGetGroupSecurityDescriptor + 518 00000000776c6df6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!EvtIntReportEventAndSourceAsync + 967 00000000776c7eb7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlGetLongestNtPathLength + 6 00000000776c8286 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!wcscspn + 75 00000000776c8303 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlUTF8ToUnicodeN + 274 00000000776c8582 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlUTF8ToUnicodeN + 892 00000000776c87ec 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlPcToFileHeader + 360 00000000776c8968 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!atol + 80 00000000776c89ec 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!atol + 200 00000000776c8a64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000776c8c6c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000776c8cad 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000776c8cc4 8 bytes [30, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000776c8d1c 8 bytes [20, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!RtlHashUnicodeString + 924 00000000776c90cc 8 bytes {JMP 0xffffffffffffff9e} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000100180460 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007770ff80 8 bytes {JMP QWORD [RIP-0x4726a]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000100180450 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077710100 8 bytes {JMP QWORD [RIP-0x4703a]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000100180370 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077710130 8 bytes {JMP QWORD [RIP-0x47489]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000100180470 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001001803e0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000100180320 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001001803b0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000100180390 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001001802e0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077710300 8 bytes {JMP QWORD [RIP-0x47642]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001001802d0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000100180310 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001001803c0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001001803f0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000100180230 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000100180480 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001001803a0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001001802f0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000100180350 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000100180290 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001001802b0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001001803d0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000100180330 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000100180410 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000100180240 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077710b80 8 bytes {JMP QWORD [RIP-0x47910]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001001801e0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000100180250 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000100180490 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001001804a0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000100180300 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000100180360 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001001802a0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001001802c0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000100180380 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000100180340 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000100180440 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000100180260 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000100180270 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000100180400 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001001801f0 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000100180210 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000100180200 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000100180420 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000100180430 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000100180220 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000100180280 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000753413cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007534146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000753416d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000753419db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000753419fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2304] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075341a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlSecondsSince1970ToTime + 451 00000000776c11d3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000776c142f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000776c1584 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000776c190e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000776c1c44 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000776c1dc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000776c1f4f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 76 00000000776c1fcc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 580 00000000776c2284 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 318 00000000776c28ae 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 00000000776c2903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 00000000776c2a10 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 239 00000000776c2b0f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 00000000776c2b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776c2cb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776c2cd2 8 bytes {JMP 0x10} .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000776c2d2f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000776c2d98 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 328 00000000776c3168 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 662 00000000776c32b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000776c37d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 00000000776c3881 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000776c38f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000776c3a36 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000776c3a74 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 774 00000000776c3d86 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000776c434c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 358 00000000776c4396 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 195 00000000776c5213 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 579 00000000776c55b3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!A_SHAInit + 212 00000000776c56c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateServiceSid + 327 00000000776c5817 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!A_SHAFinal + 262 00000000776c5926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!A_SHAFinal + 307 00000000776c5953 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!A_SHAUpdate + 160 00000000776c5a00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlGetGroupSecurityDescriptor + 518 00000000776c6df6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!EvtIntReportEventAndSourceAsync + 967 00000000776c7eb7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlGetLongestNtPathLength + 6 00000000776c8286 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!wcscspn + 75 00000000776c8303 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlUTF8ToUnicodeN + 274 00000000776c8582 8 bytes {JMP 0x10} .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlUTF8ToUnicodeN + 892 00000000776c87ec 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlPcToFileHeader + 360 00000000776c8968 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!atol + 80 00000000776c89ec 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!atol + 200 00000000776c8a64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000776c8c6c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000776c8cad 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000776c8cc4 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000776c8d1c 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!RtlHashUnicodeString + 924 00000000776c90cc 8 bytes {JMP 0xffffffffffffff9e} .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007770ff60 5 bytes JMP 0000000140000460 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007770ff80 8 bytes {JMP QWORD [RIP-0x4726a]} .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007770ffb0 5 bytes JMP 0000000140000450 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077710100 8 bytes {JMP QWORD [RIP-0x4703a]} .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077710110 5 bytes JMP 0000000140000370 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077710130 8 bytes {JMP QWORD [RIP-0x47489]} .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077710160 5 bytes JMP 0000000140000470 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077710170 5 bytes JMP 00000001400003e0 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077710220 5 bytes JMP 0000000140000320 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077710250 5 bytes JMP 00000001400003b0 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077710270 5 bytes JMP 0000000140000390 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777102b0 5 bytes JMP 00000001400002e0 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077710300 8 bytes {JMP QWORD [RIP-0x47642]} .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077710330 5 bytes JMP 00000001400002d0 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077710350 5 bytes JMP 0000000140000310 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077710390 5 bytes JMP 00000001400003c0 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777103e0 5 bytes JMP 00000001400003f0 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077710540 5 bytes JMP 0000000140000230 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077710700 5 bytes JMP 0000000140000480 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077710730 5 bytes JMP 00000001400003a0 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077710810 5 bytes JMP 00000001400002f0 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077710820 5 bytes JMP 0000000140000350 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077710880 5 bytes JMP 0000000140000290 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077710910 5 bytes JMP 00000001400002b0 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077710930 5 bytes JMP 00000001400003d0 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077710940 5 bytes JMP 0000000140000330 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777109b0 5 bytes JMP 0000000140000410 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777109e0 5 bytes JMP 0000000140000240 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077710b80 8 bytes {JMP QWORD [RIP-0x47910]} .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077710ca0 5 bytes JMP 00000001400001e0 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077710d60 5 bytes JMP 0000000140000250 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077710d90 5 bytes JMP 0000000140000490 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077710da0 5 bytes JMP 00000001400004a0 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077710dd0 5 bytes JMP 0000000140000300 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077710de0 5 bytes JMP 0000000140000360 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077710e40 5 bytes JMP 00000001400002a0 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077710e90 5 bytes JMP 00000001400002c0 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077710ec0 5 bytes JMP 0000000140000380 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077710ed0 5 bytes JMP 0000000140000340 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777111c0 5 bytes JMP 0000000140000440 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777113c0 5 bytes JMP 0000000140000260 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777113d0 5 bytes JMP 0000000140000270 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777113e0 5 bytes JMP 0000000140000400 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777115a0 5 bytes JMP 00000001400001f0 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777115b0 5 bytes JMP 0000000140000210 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077711620 5 bytes JMP 0000000140000200 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077711680 5 bytes JMP 0000000140000420 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077711690 5 bytes JMP 0000000140000430 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777116a0 5 bytes JMP 0000000140000220 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077711780 5 bytes JMP 0000000140000280 .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000753413cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007534146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000753416d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000753419db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000753419fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Oskar\Downloads\8d9xt1hq.exe[5084] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075341a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88004345f58] \SystemRoot\system32\DRIVERS\klif.sys [PAGE] ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification ---- Threads - GMER 2.1 ---- Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1916:3112] 0000000075827587 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1916:748] 00000000676f0cb3 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1916:2960] 0000000077901c7f Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1916:4528] 0000000077902c91 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1916:2696] 00000000772cc7f5 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1916:1484] 0000000077902c91 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1916:4888] 0000000077902c91 Thread C:\Windows\System32\svchost.exe [3356:4304] 000007fef2cd9688 ---- Files - GMER 2.1 ---- File C:\avast! sandbox 0 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001 0 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone 0 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C 0 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\sfzone_profile 0 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\sfzone_profile\Default 0 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\sfzone_profile\Default\Current Session 163 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\sfzone_profile\Default\Extension Rules 0 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\sfzone_profile\Default\Extension Rules\000003.log 0 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\sfzone_profile\Default\Extension Rules\CURRENT 16 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\sfzone_profile\Default\Extension Rules\LOCK 0 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\sfzone_profile\Default\Extension Rules\LOG 47 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\sfzone_profile\Default\Extension Rules\MANIFEST-000002 50 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\sfzone_profile\Default\Favicons 20480 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\sfzone_profile\Default\Favicons-journal 512 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\sfzone_profile\Default\History 94208 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\sfzone_profile\Default\History-journal 512 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\sfzone_profile\Default\Login Data 12288 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\sfzone_profile\Default\Login Data-journal 512 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\sfzone_profile\Default\Network Action Predictor 5120 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\sfzone_profile\Default\Network Action Predictor-journal 1544 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\sfzone_profile\Default\Shortcuts 12288 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\sfzone_profile\Default\Shortcuts-journal 512 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\sfzone_profile\Default\Top Sites 20480 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\sfzone_profile\Default\Top Sites-journal 12824 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\sfzone_profile\Default\Visited Links 131072 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\sfzone_profile\Default\Web Data 71680 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\sfzone_profile\Default\Web Data-journal 1024 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\sfzone_profile\pnacl 0 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\Users 0 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\Users\Oskar 0 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\Users\Oskar\AppData 0 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\Users\Oskar\AppData\Local 0 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\C\Users\Oskar\AppData\Local\Temp 0 bytes File C:\avast! sandbox\S-1-5-21-1638281110-3875980975-1737662553-1001\sfzone\snx_fs.dat 4638 bytes File C:\avast! sandbox\snx_rhive 262144 bytes File C:\avast! sandbox\snx_rhive.LOG1 13312 bytes File C:\avast! sandbox\snx_rhive.LOG2 0 bytes File C:\avast! sandbox\snx_rhive{e6d720f7-44ee-11e5-826a-90e6ba5e1fe4}.TM.blf 65536 bytes File C:\avast! sandbox\snx_rhive{e6d720f7-44ee-11e5-826a-90e6ba5e1fe4}.TMContainer00000000000000000001.regtrans-ms 524288 bytes File C:\avast! sandbox\snx_rhive{e6d720f7-44ee-11e5-826a-90e6ba5e1fe4}.TMContainer00000000000000000002.regtrans-ms 524288 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\index1a.dat 0 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\index1b.dat 0 bytes File C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\78c-0 0 bytes ---- EOF - GMER 2.1 ----