GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-10-29 20:08:25 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Samsung_SSD_840_EVO_250GB rev.EXT0BB0Q 232,89GB Running: cz9guz2z.exe; Driver: C:\Users\user\AppData\Local\Temp\aftcaaob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000149df0460 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000149df0450 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000149df0370 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000149df0470 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000149df03e0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000149df0320 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000149df03b0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000149df0390 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000149df02e0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000149df02d0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000149df0310 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000149df03c0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000149df03f0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000149df0230 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000149df0480 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000149df03a0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000149df02f0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000149df0350 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000149df0290 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000149df02b0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000149df03d0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000149df0330 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000149df0410 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000149df0240 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000149df01e0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000149df0250 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000149df0490 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000149df04a0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000149df0300 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000149df0360 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000149df02a0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000149df02c0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000149df0380 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000149df0340 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000149df0440 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000149df0260 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000149df0270 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000149df0400 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000149df01f0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000149df0210 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000149df0200 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000149df0420 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000149df0430 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000149df0220 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000149df0280 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Windows\system32\wininit.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000149df0460 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000149df0450 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000149df0370 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000149df0470 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000149df03e0 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000149df0320 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000149df03b0 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000149df0390 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000149df02e0 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000149df02d0 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000149df0310 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000149df03c0 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000149df03f0 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000149df0230 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000149df0480 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000149df03a0 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000149df02f0 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000149df0350 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000149df0290 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000149df02b0 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000149df03d0 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000149df0330 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000149df0410 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000149df0240 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000149df01e0 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000149df0250 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000149df0490 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000149df04a0 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000149df0300 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000149df0360 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000149df02a0 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000149df02c0 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000149df0380 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000149df0340 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000149df0440 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000149df0260 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000149df0270 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000149df0400 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000149df01f0 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000149df0210 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000149df0200 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000149df0420 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000149df0430 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000149df0220 .text C:\Windows\system32\csrss.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000149df0280 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Windows\system32\services.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Windows\system32\winlogon.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\lsass.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\lsm.exe[760] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Windows\system32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Windows\System32\svchost.exe[540] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Windows\system32\svchost.exe[824] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Windows\system32\svchost.exe[184] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Windows\system32\AUDIODG.EXE[1112] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1368] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000100070280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Windows\system32\nvvsvc.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1440] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Windows\System32\spoolsv.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Windows\system32\taskhost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2040] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Windows\system32\Dwm.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Windows\Explorer.EXE[2180] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077491465 2 bytes [49, 77] .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774914bb 2 bytes [49, 77] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2744] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076e02ab1 5 bytes JMP 0000000100acfa56 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077491465 2 bytes [49, 77] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774914bb 2 bytes [49, 77] .text ... * 2 .text C:\Program Files (x86)\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077491465 2 bytes [49, 77] .text C:\Program Files (x86)\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774914bb 2 bytes [49, 77] .text ... * 2 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Program Files\CCleaner\CCleaner64.exe[2828] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077491465 2 bytes [49, 77] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774914bb 2 bytes [49, 77] .text ... * 2 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2920] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 0000000073cf11a8 2 bytes [CF, 73] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2920] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 0000000073cf13a8 2 bytes [CF, 73] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2920] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000073cf1422 2 bytes [CF, 73] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[2920] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000073cf1498 2 bytes [CF, 73] .text C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe[2688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077491465 2 bytes [49, 77] .text C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe[2688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774914bb 2 bytes [49, 77] .text ... * 2 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Program Files\AVAST Software\Avast\avastui.exe[3188] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000077138791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077491465 2 bytes [49, 77] .text C:\Program Files\AVAST Software\Avast\avastui.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774914bb 2 bytes [49, 77] .text ... * 2 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000103940460 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000103940450 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000103940370 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000103940470 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 00000001039403e0 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000103940320 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 00000001039403b0 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000103940390 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 00000001039402e0 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 00000001039402d0 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000103940310 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 00000001039403c0 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 00000001039403f0 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000103940230 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000103940480 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 00000001039403a0 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 00000001039402f0 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000103940350 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000103940290 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 00000001039402b0 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 00000001039403d0 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000103940330 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000103940410 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000103940240 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 00000001039401e0 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000103940250 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000103940490 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 00000001039404a0 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000103940300 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000103940360 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 00000001039402a0 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 00000001039402c0 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000103940380 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000103940340 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000103940440 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000103940260 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000103940270 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000103940400 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 00000001039401f0 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000103940210 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000103940200 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000103940420 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000103940430 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000103940220 .text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000103940280 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077491465 2 bytes [49, 77] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774914bb 2 bytes [49, 77] .text ... * 2 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000100060460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000100060450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000100060370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000100060470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 00000001000603e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000100060320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 00000001000603b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000100060390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 00000001000602e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 00000001000602d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000100060310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 00000001000603c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 00000001000603f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000100060230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000100060480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 00000001000603a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 00000001000602f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000100060350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000100060290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 00000001000602b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 00000001000603d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000100060330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000100060410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000100060240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 00000001000601e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000100060250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000100060490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 00000001000604a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000100060300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000100060360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 00000001000602a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 00000001000602c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000100060380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000100060340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000100060440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000100060260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000100060270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000100060400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 00000001000601f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000100060210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000100060200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000100060420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000100060430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000100060220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000100060280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000100220460 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000100220450 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000100220370 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000100220470 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 00000001002203e0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000100220320 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 00000001002203b0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000100220390 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 00000001002202e0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 00000001002202d0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000100220310 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 00000001002203c0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 00000001002203f0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000100220230 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000100220480 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 00000001002203a0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 00000001002202f0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000100220350 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000100220290 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 00000001002202b0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 00000001002203d0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000100220330 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000100220410 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000100220240 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 00000001002201e0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000100220250 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000100220490 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 00000001002204a0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000100220300 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000100220360 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 00000001002202a0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 00000001002202c0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000100220380 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000100220340 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000100220440 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000100220260 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000100220270 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000100220400 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 00000001002201f0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000100220210 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000100220200 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000100220420 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000100220430 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000100220220 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000100220280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[4212] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Program Files (x86)\BlueStacks\HD-Service.exe[4280] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077491465 2 bytes [49, 77] .text C:\Program Files (x86)\BlueStacks\HD-Service.exe[4280] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000774914bb 2 bytes [49, 77] .text ... * 2 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Windows\system32\wbem\wmiprvse.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\SearchIndexer.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000100070280 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5184] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[5860] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5876] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000100040460 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000100040450 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000100040370 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000100040470 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 00000001000403e0 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000100040320 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 00000001000403b0 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000100040390 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 00000001000402e0 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 00000001000402d0 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000100040310 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 00000001000403c0 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 00000001000403f0 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000100040230 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000100040480 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 00000001000403a0 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 00000001000402f0 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000100040350 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000100040290 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 00000001000402b0 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 00000001000403d0 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000100040330 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000100040410 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000100040240 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 00000001000401e0 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000100040250 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000100040490 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 00000001000404a0 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000100040300 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000100040360 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 00000001000402a0 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 00000001000402c0 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000100040380 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000100040340 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000100040440 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000100040260 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000100040270 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000100040400 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 00000001000401f0 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000100040210 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000100040200 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000100040420 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000100040430 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000100040220 .text C:\Windows\system32\conhost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000100040280 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Program Files (x86)\IVONA\IVONA Reader\IVONA Reader.exe[4408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077491465 2 bytes [49, 77] .text C:\Program Files (x86)\IVONA\IVONA Reader\IVONA Reader.exe[4408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774914bb 2 bytes [49, 77] .text ... * 2 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220 .text C:\Windows\system32\taskeng.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000100070460 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000100070450 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000100070370 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000100070470 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 00000001000703e0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000100070320 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 00000001000703b0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000100070390 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 00000001000702d0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000100070310 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 00000001000703c0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000100070230 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000100070480 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000100070350 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000100070290 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000100070330 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000100070410 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000100070240 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000100070250 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000100070490 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 00000001000702a0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 00000001000702c0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000100070440 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000100070260 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000100070270 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000100070400 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000100070210 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000100070200 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000100070420 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000100070430 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000100070280 ---- EOF - GMER 2.1 ----