GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-09-28 22:30:38 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000078 ATA_____ rev.LVD3 931,51GB Running: gmer.exe; Driver: C:\Users\Karol\AppData\Local\Temp\pgloqpog.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000149e40450 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000149e40440 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0xffffffffd2742990} .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000149e40360 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000149e40460 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 0000000149e403d0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000149e40310 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 0000000149e403a0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000149e40380 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 0000000149e402d0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 0000000149e402c0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0xffffffffd2742490} .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000149e40300 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 0000000149e403b0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 0000000149e403e0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000149e40220 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000149e40470 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000149e40390 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 0000000149e402e0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000149e40340 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000149e40280 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 0000000149e402a0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0xffffffffd2741e90} .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 0000000149e403c0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0xffffffffd2741f90} .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000149e40320 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000149e40400 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000149e40230 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 0000000149e401d0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000149e40240 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000149e40480 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000149e40490 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 0000000149e402f0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000149e40350 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000149e40290 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 0000000149e402b0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000149e40370 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000149e40330 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000149e40430 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000149e40250 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0xffffffffd2741390} .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000149e40260 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0xffffffffd2741390} .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 0000000149e403f0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 0000000149e401e0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000149e40200 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 0000000149e401f0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000149e40410 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0xffffffffd2741290} .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000149e40420 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0xffffffffd2741290} .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000149e40210 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000149e40270 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Windows\system32\wininit.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000149e40450 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000149e40440 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0xffffffffd2742990} .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000149e40360 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000149e40460 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 0000000149e403d0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000149e40310 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 0000000149e403a0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000149e40380 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 0000000149e402d0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 0000000149e402c0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0xffffffffd2742490} .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000149e40300 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 0000000149e403b0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 0000000149e403e0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000149e40220 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000149e40470 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000149e40390 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 0000000149e402e0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000149e40340 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000149e40280 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 0000000149e402a0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0xffffffffd2741e90} .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 0000000149e403c0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0xffffffffd2741f90} .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000149e40320 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000149e40400 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000149e40230 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 0000000149e401d0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000149e40240 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000149e40480 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000149e40490 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 0000000149e402f0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000149e40350 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000149e40290 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 0000000149e402b0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000149e40370 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000149e40330 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000149e40430 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000149e40250 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0xffffffffd2741390} .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000149e40260 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0xffffffffd2741390} .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 0000000149e403f0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 0000000149e401e0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000149e40200 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 0000000149e401f0 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000149e40410 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0xffffffffd2741290} .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000149e40420 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0xffffffffd2741290} .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000149e40210 .text C:\Windows\system32\csrss.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000149e40270 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000100070450 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000100070440 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0xffffffff88972990} .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000100070360 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000100070310 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000100070380 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000001000702c0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0xffffffff88972490} .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000100070300 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000100070220 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000100070470 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000100070390 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000100070340 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000100070280 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000001000702a0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0xffffffff88971e90} .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000001000703c0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0xffffffff88971f90} .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000100070320 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000100070230 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000001000701d0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000100070240 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000100070480 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000100070350 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000100070290 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000100070370 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000100070330 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000100070250 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0xffffffff88971390} .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000100070260 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0xffffffff88971390} .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000100070200 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000100070410 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0xffffffff88971290} .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000100070420 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0xffffffff88971290} .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Windows\system32\winlogon.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Windows\system32\svchost.exe[292] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Windows\System32\svchost.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Windows\System32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Windows\system32\WLANExt.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007749a460 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000774a3f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774bffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774cf330 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774f9a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077509510 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077528830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd532db0 5 bytes JMP 000007fffd520180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5337d0 7 bytes JMP 000007fffd5200d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd53a410 2 bytes JMP 000007fffd520110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd53a413 2 bytes [FE, FF] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd53aec0 6 bytes JMP 000007fffd520148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe2a89d0 8 bytes JMP 000007fffd5201f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe2abe40 8 bytes JMP 000007fffd5201b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd9774a0 11 bytes JMP 000007fffd520228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1440] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd98bf10 7 bytes JMP 000007fffd520260 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Windows\system32\nvvsvc.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000100070450 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000100070440 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0xffffffff88972990} .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000100070360 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000100070460 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000100070310 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000100070380 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000001000702c0 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0xffffffff88972490} .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000100070300 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000100070220 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000100070470 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000100070390 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000100070340 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000100070280 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000001000702a0 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0xffffffff88971e90} .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000001000703c0 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0xffffffff88971f90} .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000100070320 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000100070230 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000001000701d0 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000100070240 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000100070480 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000100070490 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000100070350 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000100070290 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000100070370 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000100070330 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000100070430 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000100070250 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0xffffffff88971390} .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000100070260 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0xffffffff88971390} .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000100070200 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000100070410 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0xffffffff88971290} .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000100070420 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0xffffffff88971290} .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000100070270 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd532db0 5 bytes JMP 000007fffd520180 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5337d0 7 bytes JMP 000007fffd5200d8 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd53a410 2 bytes JMP 000007fffd520110 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd53a413 2 bytes [FE, FF] .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd53aec0 6 bytes JMP 000007fffd520148 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe2a89d0 8 bytes JMP 000007fffd5201f0 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe2abe40 8 bytes JMP 000007fffd5201b8 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef841dc88 5 bytes JMP 000007fff82100d8 .text C:\Windows\system32\Dwm.exe[1748] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef841de10 5 bytes JMP 000007fff8210110 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000100070450 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000100070440 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0xffffffff88972990} .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000100070360 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000100070460 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000001000703d0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000100070310 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000001000703a0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000100070380 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000001000702d0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000001000702c0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0xffffffff88972490} .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000100070300 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000001000703b0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000001000703e0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000100070220 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000100070470 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000100070390 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000001000702e0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000100070340 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000100070280 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000001000702a0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0xffffffff88971e90} .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000001000703c0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0xffffffff88971f90} .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000100070320 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000100070400 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000100070230 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000001000701d0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000100070240 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000100070480 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000100070490 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000001000702f0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000100070350 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000100070290 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000001000702b0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000100070370 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000100070330 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000100070430 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000100070250 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0xffffffff88971390} .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000100070260 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0xffffffff88971390} .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000001000703f0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000001000701e0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000100070200 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000001000701f0 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000100070410 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0xffffffff88971290} .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000100070420 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0xffffffff88971290} .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000100070210 .text C:\Windows\Explorer.EXE[1764] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Windows\system32\svchost.exe[1888] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000100070450 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000100070440 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0xffffffff88972990} .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000100070360 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000100070460 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000100070310 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000100070380 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000001000702c0 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0xffffffff88972490} .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000100070300 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000100070220 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000100070470 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000100070390 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000100070340 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000100070280 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000001000702a0 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0xffffffff88971e90} .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000001000703c0 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0xffffffff88971f90} .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000100070320 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000100070230 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000001000701d0 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000100070240 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000100070480 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000100070490 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000100070350 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000100070290 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000100070370 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000100070330 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000100070430 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000100070250 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0xffffffff88971390} .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000100070260 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0xffffffff88971390} .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000100070200 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000100070410 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0xffffffff88971290} .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000100070420 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0xffffffff88971290} .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\spoolsv.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000100070270 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Windows\system32\taskhost.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2040] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2064] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2444] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Windows\system32\svchost.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Windows\system32\svchost.exe[2676] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000100070450 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000100070440 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0xffffffff88972990} .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000100070360 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000100070460 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000001000703d0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000100070310 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000001000703a0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000100070380 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000001000702d0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000001000702c0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0xffffffff88972490} .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000100070300 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000001000703b0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000001000703e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000100070220 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000100070470 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000100070390 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000001000702e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000100070340 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000100070280 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000001000702a0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0xffffffff88971e90} .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000001000703c0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0xffffffff88971f90} .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000100070320 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000100070400 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000100070230 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000001000701d0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000100070240 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000100070480 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000100070490 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000001000702f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000100070350 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000100070290 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000001000702b0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000100070370 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000100070330 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000100070430 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000100070250 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0xffffffff88971390} .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000100070260 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0xffffffff88971390} .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000100070200 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000001000701f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000100070410 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0xffffffff88971290} .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000100070420 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0xffffffff88971290} .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000100070210 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2716] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000100070270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007749a460 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000774a3f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774bffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774cf330 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774f9a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077509510 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077528830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd532db0 5 bytes JMP 000007fffd520180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5337d0 7 bytes JMP 000007fffd5200d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd53a410 2 bytes JMP 000007fffd520110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd53a413 2 bytes [FE, FF] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd53aec0 6 bytes JMP 000007fffd520148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe2a89d0 8 bytes JMP 000007fffd5201f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe2abe40 8 bytes JMP 000007fffd5201b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef3312460 5 bytes JMP 000007fefd5202d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[2576] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef33496b0 6 bytes JMP 000007fefd520298 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Windows\system32\conhost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Windows\System32\rundll32.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3300] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757a1eee 7 bytes JMP 000000016c163b60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3300] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757a5b85 7 bytes JMP 000000016c1641b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3300] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757b13e1 7 bytes JMP 000000016c163dc0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3300] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757bea35 7 bytes JMP 000000016c163b50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3300] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075848eb4 7 bytes JMP 000000016c1636a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3300] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075848f39 5 bytes JMP 000000016c163750 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3300] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007584928f 5 bytes JMP 000000016c1636b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3300] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076051d29 5 bytes JMP 000000016c163660 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3300] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076051dd7 5 bytes JMP 000000016c163620 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3300] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076052ab1 5 bytes JMP 0000000100e1f4f2 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3300] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076052d1d 5 bytes JMP 000000016c163460 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3300] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075418a29 5 bytes JMP 000000016c162b00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3300] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075424572 5 bytes JMP 000000016c1633e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3300] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007543e567 5 bytes JMP 000000016c163450 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3300] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754607d7 5 bytes JMP 000000016c162940 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3300] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075477a5c 5 bytes JMP 000000016c1633c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3300] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000773ed2b4 5 bytes JMP 000000016c162c40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3300] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000773ed4ee 5 bytes JMP 000000016c162c50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3300] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075295ea5 5 bytes JMP 000000016c162ac0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3300] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000752c9d0b 5 bytes JMP 000000016c162a50 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Windows\System32\hkcmd.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd532db0 5 bytes JMP 000007fffd520180 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5337d0 7 bytes JMP 000007fffd5200d8 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd53a410 2 bytes JMP 000007fffd520110 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd53a413 2 bytes [FE, FF] .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd53aec0 6 bytes JMP 000007fffd520148 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe2a89d0 8 bytes JMP 000007fffd5201f0 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe2abe40 8 bytes JMP 000007fffd5201b8 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd9774a0 11 bytes JMP 000007fffd520228 .text C:\Windows\System32\igfxpers.exe[3344] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd98bf10 7 bytes JMP 000007fffd520260 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd532db0 5 bytes JMP 000007fffd520180 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5337d0 7 bytes JMP 000007fffd5200d8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd53a410 2 bytes JMP 000007fffd520110 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd53a413 2 bytes [FE, FF] .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd53aec0 6 bytes JMP 000007fffd520148 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe2a89d0 8 bytes JMP 000007fffd5201f0 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe2abe40 8 bytes JMP 000007fffd5201b8 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd9774a0 11 bytes JMP 000007fffd520228 .text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[3360] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd98bf10 7 bytes JMP 000007fffd520260 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Windows\system32\igfxsrvc.exe[3384] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007749a460 7 bytes JMP 000000016fff0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000774a3f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774bffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774cf330 5 bytes JMP 000000016fff0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774f9a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077509510 5 bytes JMP 000000016fff0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077528830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd532db0 5 bytes JMP 000007fffd520180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5337d0 7 bytes JMP 000007fffd5200d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd53a410 2 bytes JMP 000007fffd520110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd53a413 2 bytes [FE, FF] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd53aec0 6 bytes JMP 000007fffd520148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe2a89d0 8 bytes JMP 000007fffd5201f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe2abe40 8 bytes JMP 000007fffd5201b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd9774a0 11 bytes JMP 000007fffd520228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd98bf10 7 bytes JMP 000007fffd520260 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd532db0 5 bytes JMP 000007fffd520180 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5337d0 7 bytes JMP 000007fffd5200d8 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd53a410 2 bytes JMP 000007fffd520110 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd53a413 2 bytes [FE, FF] .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd53aec0 6 bytes JMP 000007fffd520148 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe2a89d0 8 bytes JMP 000007fffd5201f0 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe2abe40 8 bytes JMP 000007fffd5201b8 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd9774a0 11 bytes JMP 000007fffd520228 .text C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe[3504] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd98bf10 7 bytes JMP 000007fffd520260 .text C:\Users\Karol\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3544] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757a1eee 7 bytes JMP 000000016c163b60 .text C:\Users\Karol\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3544] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757a5b85 7 bytes JMP 000000016c1641b0 .text C:\Users\Karol\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3544] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757b13e1 7 bytes JMP 000000016c163dc0 .text C:\Users\Karol\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3544] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757bea35 7 bytes JMP 000000016c163b50 .text C:\Users\Karol\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3544] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075848eb4 7 bytes JMP 000000016c1636a0 .text C:\Users\Karol\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3544] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075848f39 5 bytes JMP 000000016c163750 .text C:\Users\Karol\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3544] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007584928f 5 bytes JMP 000000016c1636b0 .text C:\Users\Karol\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3544] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076051d29 5 bytes JMP 000000016c163660 .text C:\Users\Karol\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3544] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076051dd7 5 bytes JMP 000000016c163620 .text C:\Users\Karol\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3544] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076052ab1 5 bytes JMP 000000016c163760 .text C:\Users\Karol\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3544] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076052d1d 5 bytes JMP 000000016c163460 .text C:\Users\Karol\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3544] C:\Windows\syswow64\user32.DLL!CreateWindowExW 0000000075418a29 5 bytes JMP 000000016c162b00 .text C:\Users\Karol\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3544] C:\Windows\syswow64\user32.DLL!EnumDisplayDevicesA 0000000075424572 5 bytes JMP 000000016c1633e0 .text C:\Users\Karol\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3544] C:\Windows\syswow64\user32.DLL!EnumDisplayDevicesW 000000007543e567 5 bytes JMP 000000016c163450 .text C:\Users\Karol\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3544] C:\Windows\syswow64\user32.DLL!ChangeDisplaySettingsExW 00000000754607d7 5 bytes JMP 000000016c162940 .text C:\Users\Karol\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3544] C:\Windows\syswow64\user32.DLL!DisplayConfigGetDeviceInfo 0000000075477a5c 5 bytes JMP 000000016c1633c0 .text C:\Users\Karol\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3544] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000773ed2b4 5 bytes JMP 000000016c162c40 .text C:\Users\Karol\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3544] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000773ed4ee 5 bytes JMP 000000016c162c50 .text C:\Users\Karol\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3544] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075295ea5 5 bytes JMP 000000016c162ac0 .text C:\Users\Karol\AppData\Roaming\Spotify\SpotifyWebHelper.exe[3544] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000752c9d0b 5 bytes JMP 000000016c162a50 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3944] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd532db0 5 bytes JMP 000007fffd520180 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3944] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5337d0 7 bytes JMP 000007fffd5200d8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3944] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd53a410 2 bytes JMP 000007fffd520110 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3944] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd53a413 2 bytes [FE, FF] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3944] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd53aec0 6 bytes JMP 000007fffd520148 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3944] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe2a89d0 8 bytes JMP 000007fffd5201f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3944] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe2abe40 8 bytes JMP 000007fffd5201b8 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Windows\system32\SearchIndexer.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007749a460 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000774a3f80 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774bffa0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774cf330 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774f9a80 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077509510 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077528830 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd532db0 5 bytes JMP 000007fffd520180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5337d0 7 bytes JMP 000007fffd5200d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd53a410 2 bytes JMP 000007fffd520110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd53a413 2 bytes [FE, FF] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd53aec0 6 bytes JMP 000007fffd520148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe2a89d0 8 bytes JMP 000007fffd5201f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4088] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe2abe40 8 bytes JMP 000007fffd5201b8 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3188] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757a1eee 7 bytes JMP 000000016c163b60 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3188] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757a5b85 7 bytes JMP 000000016c1641b0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3188] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000757a8769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3188] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757b13e1 7 bytes JMP 000000016c163dc0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3188] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757bea35 7 bytes JMP 000000016c163b50 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3188] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075848eb4 7 bytes JMP 000000016c1636a0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3188] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075848f39 5 bytes JMP 000000016c163750 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3188] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007584928f 5 bytes JMP 000000016c1636b0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076051d29 5 bytes JMP 000000016c163660 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076051dd7 5 bytes JMP 000000016c163620 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076052ab1 5 bytes JMP 000000016c163760 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076052d1d 5 bytes JMP 000000016c163460 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3188] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075418a29 5 bytes JMP 000000016c162b00 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3188] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075424572 5 bytes JMP 000000016c1633e0 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3188] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007543e567 5 bytes JMP 000000016c163450 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3188] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754607d7 5 bytes JMP 000000016c162940 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3188] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075477a5c 5 bytes JMP 000000016c1633c0 .text C:\Program Files (x86)\CyberLink\YouCam7\YouCamService7.exe[3196] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757a1eee 7 bytes JMP 000000016c163b60 .text C:\Program Files (x86)\CyberLink\YouCam7\YouCamService7.exe[3196] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757a5b85 7 bytes JMP 000000016c1641b0 .text C:\Program Files (x86)\CyberLink\YouCam7\YouCamService7.exe[3196] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757b13e1 7 bytes JMP 000000016c163dc0 .text C:\Program Files (x86)\CyberLink\YouCam7\YouCamService7.exe[3196] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757bea35 7 bytes JMP 000000016c163b50 .text C:\Program Files (x86)\CyberLink\YouCam7\YouCamService7.exe[3196] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075848eb4 7 bytes JMP 000000016c1636a0 .text C:\Program Files (x86)\CyberLink\YouCam7\YouCamService7.exe[3196] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075848f39 5 bytes JMP 000000016c163750 .text C:\Program Files (x86)\CyberLink\YouCam7\YouCamService7.exe[3196] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007584928f 5 bytes JMP 000000016c1636b0 .text C:\Program Files (x86)\CyberLink\YouCam7\YouCamService7.exe[3196] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076051d29 5 bytes JMP 000000016c163660 .text C:\Program Files (x86)\CyberLink\YouCam7\YouCamService7.exe[3196] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076051dd7 5 bytes JMP 000000016c163620 .text C:\Program Files (x86)\CyberLink\YouCam7\YouCamService7.exe[3196] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076052ab1 5 bytes JMP 000000016c163760 .text C:\Program Files (x86)\CyberLink\YouCam7\YouCamService7.exe[3196] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076052d1d 5 bytes JMP 000000016c163460 .text C:\Program Files (x86)\CyberLink\YouCam7\YouCamService7.exe[3196] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000773ed2b4 5 bytes JMP 000000016c162c40 .text C:\Program Files (x86)\CyberLink\YouCam7\YouCamService7.exe[3196] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000773ed4ee 5 bytes JMP 000000016c162c50 .text C:\Program Files (x86)\CyberLink\YouCam7\YouCamService7.exe[3196] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075418a29 5 bytes JMP 000000016c162b00 .text C:\Program Files (x86)\CyberLink\YouCam7\YouCamService7.exe[3196] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075424572 5 bytes JMP 000000016c1633e0 .text C:\Program Files (x86)\CyberLink\YouCam7\YouCamService7.exe[3196] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007543e567 5 bytes JMP 000000016c163450 .text C:\Program Files (x86)\CyberLink\YouCam7\YouCamService7.exe[3196] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754607d7 5 bytes JMP 000000016c162940 .text C:\Program Files (x86)\CyberLink\YouCam7\YouCamService7.exe[3196] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075477a5c 5 bytes JMP 000000016c1633c0 .text C:\Program Files (x86)\CyberLink\YouCam7\YouCamService7.exe[3196] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075295ea5 5 bytes JMP 000000016c162ac0 .text C:\Program Files (x86)\CyberLink\YouCam7\YouCamService7.exe[3196] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000752c9d0b 5 bytes JMP 000000016c162a50 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Windows\system32\wbem\unsecapp.exe[4416] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd532db0 5 bytes JMP 000007fffd520180 .text C:\Windows\system32\wbem\unsecapp.exe[4416] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5337d0 7 bytes JMP 000007fffd5200d8 .text C:\Windows\system32\wbem\unsecapp.exe[4416] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd53a410 2 bytes JMP 000007fffd520110 .text C:\Windows\system32\wbem\unsecapp.exe[4416] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd53a413 2 bytes [FE, FF] .text C:\Windows\system32\wbem\unsecapp.exe[4416] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd53aec0 6 bytes JMP 000007fffd520148 .text C:\Windows\system32\wbem\unsecapp.exe[4416] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd9774a0 11 bytes JMP 000007fffd520228 .text C:\Windows\system32\wbem\unsecapp.exe[4416] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd98bf10 7 bytes JMP 000007fffd520260 .text C:\Windows\system32\wbem\unsecapp.exe[4416] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe2a89d0 8 bytes JMP 000007fffd5201f0 .text C:\Windows\system32\wbem\unsecapp.exe[4416] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe2abe40 8 bytes JMP 000007fffd5201b8 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5536] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 00000000757a1eee 7 bytes JMP 000000016c163b60 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5536] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 00000000757a5b85 7 bytes JMP 000000016c1641b0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5536] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000757b13e1 7 bytes JMP 000000016c163dc0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5536] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 00000000757bea35 7 bytes JMP 000000016c163b50 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5536] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000075848eb4 7 bytes JMP 000000016c1636a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5536] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000075848f39 5 bytes JMP 000000016c163750 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5536] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 000000007584928f 5 bytes JMP 000000016c1636b0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5536] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076051d29 5 bytes JMP 000000016c163660 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5536] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076051dd7 5 bytes JMP 000000016c163620 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5536] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076052ab1 5 bytes JMP 000000016c163760 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5536] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076052d1d 5 bytes JMP 000000016c163460 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5536] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075418a29 5 bytes JMP 000000016c162b00 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5536] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075424572 5 bytes JMP 000000016c1633e0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5536] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007543e567 5 bytes JMP 000000016c163450 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5536] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754607d7 5 bytes JMP 000000016c162940 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5536] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075477a5c 5 bytes JMP 000000016c1633c0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5536] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000773ed2b4 5 bytes JMP 000000016c162c40 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5536] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000773ed4ee 5 bytes JMP 000000016c162c50 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5536] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075295ea5 5 bytes JMP 000000016c162ac0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5536] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000752c9d0b 5 bytes JMP 000000016c162a50 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Windows\System32\svchost.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5888] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000753f1401 2 bytes JMP 757cb20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5888] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000753f1419 2 bytes JMP 757cb336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000753f1431 2 bytes JMP 75848f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000753f144a 2 bytes CALL 757a4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5888] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753f14dd 2 bytes JMP 75848832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5888] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753f14f5 2 bytes JMP 75848a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5888] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000753f150d 2 bytes JMP 75848728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5888] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000753f1525 2 bytes JMP 75848af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5888] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000753f153d 2 bytes JMP 757bfc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5888] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000753f1555 2 bytes JMP 757c68df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5888] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000753f156d 2 bytes JMP 75848ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5888] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000753f1585 2 bytes JMP 75848b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5888] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000753f159d 2 bytes JMP 758486ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5888] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753f15b5 2 bytes JMP 757bfd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5888] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753f15cd 2 bytes JMP 757cb2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5888] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753f16b2 2 bytes JMP 75848eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5888] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753f16bd 2 bytes JMP 75848681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6072] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757a1eee 7 bytes JMP 000000016c163b60 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6072] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757a5b85 7 bytes JMP 000000016c1641b0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6072] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757b13e1 7 bytes JMP 000000016c163dc0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6072] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757bea35 7 bytes JMP 000000016c163b50 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6072] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075848eb4 7 bytes JMP 000000016c1636a0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6072] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075848f39 5 bytes JMP 000000016c163750 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6072] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007584928f 5 bytes JMP 000000016c1636b0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6072] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076051d29 5 bytes JMP 000000016c163660 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6072] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076051dd7 5 bytes JMP 000000016c163620 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6072] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076052ab1 5 bytes JMP 000000016c163760 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6072] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076052d1d 5 bytes JMP 000000016c163460 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6072] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000773ed2b4 5 bytes JMP 000000016c162c40 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6072] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000773ed4ee 5 bytes JMP 000000016c162c50 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6072] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075418a29 5 bytes JMP 000000016c162b00 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6072] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075424572 5 bytes JMP 000000016c1633e0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6072] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007543e567 5 bytes JMP 000000016c163450 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6072] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754607d7 5 bytes JMP 000000016c162940 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6072] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075477a5c 5 bytes JMP 000000016c1633c0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6072] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075295ea5 5 bytes JMP 000000016c162ac0 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[6072] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000752c9d0b 5 bytes JMP 000000016c162a50 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0xffffffff88972990} .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0xffffffff88972490} .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0xffffffff88971e90} .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0xffffffff88971f90} .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000001000701d0 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0xffffffff88971390} .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0xffffffff88971390} .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0xffffffff88971290} .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0xffffffff88971290} .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000100070270 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007749a460 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000774a3f80 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000774bffa0 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000774cf330 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774f9a80 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077509510 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077528830 7 bytes JMP 000000016fff01f0 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd532db0 5 bytes JMP 000007fffd520180 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5337d0 7 bytes JMP 000007fffd5200d8 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd53a410 2 bytes JMP 000007fffd520110 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd53a413 2 bytes [FE, FF] .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd53aec0 6 bytes JMP 000007fffd520148 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe2a89d0 8 bytes JMP 000007fffd5201f0 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe2abe40 8 bytes JMP 000007fffd5201b8 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd9774a0 11 bytes JMP 000007fffd520228 .text C:\Windows\system32\NOTEPAD.EXE[4456] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd98bf10 7 bytes JMP 000007fffd520260 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776fda60 5 bytes JMP 0000000077860450 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776fdab0 1 byte JMP 0000000077860440 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 00000000776fdab2 3 bytes {JMP 0x162990} .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776fdc10 5 bytes JMP 0000000077860360 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776fdc60 5 bytes JMP 0000000077860460 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776fdc70 5 bytes JMP 00000000778603d0 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776fdd20 5 bytes JMP 0000000077860310 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776fdd50 5 bytes JMP 00000000778603a0 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776fdd70 5 bytes JMP 0000000077860380 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776fddb0 5 bytes JMP 00000000778602d0 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776fde30 1 byte JMP 00000000778602c0 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 00000000776fde32 3 bytes {JMP 0x162490} .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776fde50 5 bytes JMP 0000000077860300 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776fde90 5 bytes JMP 00000000778603b0 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776fdee0 5 bytes JMP 00000000778603e0 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776fe040 5 bytes JMP 0000000077860220 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776fe200 5 bytes JMP 0000000077860470 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776fe230 5 bytes JMP 0000000077860390 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776fe310 5 bytes JMP 00000000778602e0 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776fe320 5 bytes JMP 0000000077860340 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776fe380 5 bytes JMP 0000000077860280 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776fe410 1 byte JMP 00000000778602a0 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 00000000776fe412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776fe430 1 byte JMP 00000000778603c0 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 00000000776fe432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776fe440 5 bytes JMP 0000000077860320 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776fe4b0 5 bytes JMP 0000000077860400 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776fe4e0 5 bytes JMP 0000000077860230 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776fe7a0 5 bytes JMP 00000000778601d0 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776fe860 5 bytes JMP 0000000077860240 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776fe890 5 bytes JMP 0000000077860480 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776fe8a0 5 bytes JMP 0000000077860490 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776fe8d0 5 bytes JMP 00000000778602f0 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776fe8e0 5 bytes JMP 0000000077860350 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776fe940 5 bytes JMP 0000000077860290 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776fe990 5 bytes JMP 00000000778602b0 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776fe9c0 5 bytes JMP 0000000077860370 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776fe9d0 5 bytes JMP 0000000077860330 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776fecc0 5 bytes JMP 0000000077860430 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776feec0 1 byte JMP 0000000077860250 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00000000776feec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776feed0 1 byte JMP 0000000077860260 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00000000776feed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776feee0 5 bytes JMP 00000000778603f0 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776ff0a0 5 bytes JMP 00000000778601e0 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776ff0b0 5 bytes JMP 0000000077860200 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776ff120 5 bytes JMP 00000000778601f0 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776ff180 1 byte JMP 0000000077860410 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 00000000776ff182 3 bytes {JMP 0x161290} .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776ff190 1 byte JMP 0000000077860420 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 00000000776ff192 3 bytes {JMP 0x161290} .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776ff1a0 5 bytes JMP 0000000077860210 .text C:\Windows\system32\taskeng.exe[5596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776ff280 5 bytes JMP 0000000077860270 .text C:\Users\Karol\Downloads\gmer\gmer.exe[5248] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000757a1eee 7 bytes JMP 000000016c163b60 .text C:\Users\Karol\Downloads\gmer\gmer.exe[5248] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000757a5b85 7 bytes JMP 000000016c1641b0 .text C:\Users\Karol\Downloads\gmer\gmer.exe[5248] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000757b13e1 7 bytes JMP 000000016c163dc0 .text C:\Users\Karol\Downloads\gmer\gmer.exe[5248] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000757bea35 7 bytes JMP 000000016c163b50 .text C:\Users\Karol\Downloads\gmer\gmer.exe[5248] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075848eb4 7 bytes JMP 000000016c1636a0 .text C:\Users\Karol\Downloads\gmer\gmer.exe[5248] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075848f39 5 bytes JMP 000000016c163750 .text C:\Users\Karol\Downloads\gmer\gmer.exe[5248] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 000000007584928f 5 bytes JMP 000000016c1636b0 .text C:\Users\Karol\Downloads\gmer\gmer.exe[5248] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076051d29 5 bytes JMP 000000016c163660 .text C:\Users\Karol\Downloads\gmer\gmer.exe[5248] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076051dd7 5 bytes JMP 000000016c163620 .text C:\Users\Karol\Downloads\gmer\gmer.exe[5248] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076052ab1 5 bytes JMP 000000016c163760 .text C:\Users\Karol\Downloads\gmer\gmer.exe[5248] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076052d1d 5 bytes JMP 000000016c163460 .text C:\Users\Karol\Downloads\gmer\gmer.exe[5248] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000773ed2b4 5 bytes JMP 000000016c162c40 .text C:\Users\Karol\Downloads\gmer\gmer.exe[5248] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000773ed4ee 5 bytes JMP 000000016c162c50 .text C:\Users\Karol\Downloads\gmer\gmer.exe[5248] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075418a29 5 bytes JMP 000000016c162b00 .text C:\Users\Karol\Downloads\gmer\gmer.exe[5248] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075424572 5 bytes JMP 000000016c1633e0 .text C:\Users\Karol\Downloads\gmer\gmer.exe[5248] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007543e567 5 bytes JMP 000000016c163450 .text C:\Users\Karol\Downloads\gmer\gmer.exe[5248] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000754607d7 5 bytes JMP 000000016c162940 .text C:\Users\Karol\Downloads\gmer\gmer.exe[5248] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075477a5c 5 bytes JMP 000000016c1633c0 ---- Threads - GMER 2.1 ---- Thread [1924:2000] 0000000071f1d6f0 Thread [1924:2004] 00000000778cc557 Thread [1924:2008] 00000000778e27c1 Thread [1924:2012] 0000000073e2f28e Thread [1924:2016] 00000000778e27c1 Thread [1924:2024] 0000000075627587 Thread [1924:1664] 0000000073e2f28e Thread [1924:2032] 00000000719c4e10 Thread [1924:1428] 00000000719c4050 Thread [1924:2212] 00000000778e27c1 Thread [1924:2284] 0000000073e74de8 Thread [1924:2292] 00000000752ad854 Thread [1924:3176] 00000000778e27c1 Thread [1924:3880] 0000000073e2f28e Thread [1924:4240] 00000000713e62ee Thread [1924:4732] 00000000719a96e0 Thread [1924:4736] 00000000719a96e0 Thread [1924:4740] 00000000719a96e0 Thread [1924:4744] 00000000719a96e0 Thread [1924:4748] 00000000719a96e0 Thread [1924:4752] 00000000719a96e0 Thread [1924:4756] 00000000719a96e0 Thread [1924:4760] 00000000719a96e0 Thread [1924:4764] 00000000719a96e0 Thread [1924:4768] 00000000719a96e0 Thread [1924:4772] 00000000719a96e0 Thread [1924:4776] 00000000719a96e0 Thread [1924:4780] 00000000719aa750 Thread [1924:4784] 00000000719aa750 Thread [1924:4788] 00000000719a9c30 Thread [1924:4792] 0000000071a0a910 Thread [1924:4796] 0000000071a096e0 Thread [1924:4800] 0000000071a09b10 Thread [1924:4804] 00000000719acc40 Thread [1924:4808] 00000000719acc40 Thread [1924:4812] 00000000719acc40 Thread [1924:4816] 00000000719acc40 Thread [1924:4820] 00000000719acc40 Thread [1924:4824] 00000000719acc40 Thread [1924:4828] 00000000719acc40 Thread [1924:4832] 00000000719acc40 Thread [1924:4836] 00000000719acc40 Thread [1924:4840] 00000000719acc40 Thread [1924:4844] 00000000719acc40 Thread [1924:4848] 00000000719acc40 Thread [1924:4852] 00000000719ac940 Thread [1924:4856] 00000000733a1080 Thread [1924:4860] 0000000073361c00 Thread [1924:4864] 0000000073366be0 Thread [1924:4868] 0000000073366be0 Thread [1924:4876] 00000000719c5ee0 Thread [1924:4880] 00000000719ac090 Thread [1924:4888] 0000000073e2f28e Thread [1924:4892] 00000000731052c9 Thread [1924:4896] 0000000071a2c5c0 Thread [1924:4904] 0000000071748d10 Thread [1924:4908] 00000000733a16d0 Thread [1924:4920] 000000006c2fad70 Thread [1924:4956] 0000000073e2f28e Thread [1924:4960] 0000000073e2f28e Thread [1924:4964] 0000000073e2f28e Thread [1924:4968] 0000000073e2f28e Thread [1924:4972] 0000000073e2f28e Thread [1924:4976] 0000000073e2f28e Thread [1924:4980] 0000000073e2f28e Thread [1924:4984] 0000000073e2f28e Thread [1924:5004] 0000000073e2f28e Thread [1924:5012] 0000000071b8f060 Thread [1924:5016] 0000000071b91ff0 Thread [1924:5020] 0000000073e2f28e Thread [1924:5024] 0000000071b6f300 Thread [1924:5040] 0000000073e2f28e Thread [1924:5044] 0000000073e2f28e Thread [1924:1256] 0000000073e2f28e Thread [1924:1488] 000000006bea62d0 Thread [1924:1988] 000000006bea62d0 Thread [1924:4412] 000000006bea62d0 Thread [1924:4344] 000000006bea62d0 Thread [1924:4428] 000000006bea62d0 Thread [1924:4408] 000000006bea62d0 Thread [1924:4380] 000000006bea62d0 Thread [1924:4420] 000000006bea62d0 Thread [1924:4676] 000000006bea62d0 Thread [1924:4680] 000000006bea62d0 Thread [1924:5124] 0000000073e2f28e Thread [1924:5240] 0000000073e2f28e Thread [1924:5256] 0000000073e2f28e Thread [1924:5264] 0000000073e2f28e Thread [1924:5568] 0000000073e2f28e Thread [1924:5880] 0000000067d06fe0 Thread [1924:5896] 0000000073e2f28e Thread [1924:3084] 0000000073e2f28e Thread [1924:2052] 00000000778cc557 Thread [1924:6724] 0000000073e2f28e Thread [1924:4640] 00000000778e27c1 Thread [1924:4424] 00000000778e27c1 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0003199e8b00 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c8bfd7c5271 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c8bfd7c5271@30766fb883a4 0x9B 0x45 0xE1 0xD6 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0003199e8b00 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c8bfd7c5271 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c8bfd7c5271@30766fb883a4 0x9B 0x45 0xE1 0xD6 ... ---- EOF - GMER 2.1 ----