GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-03-29 15:56:19 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000081 ST1000DM rev.CC47 931,51GB Running: yegfk9vv.exe; Driver: C:\Users\Kamil\AppData\Local\Temp\uxldqpoc.sys ---- Kernel code sections - GMER 2.2 ---- .text C:\Windows\System32\win32k.sys!EngSetLastError + 608 fffff96000145af0 8 bytes [10, 8D, 84, 07, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000175600 7 bytes [C0, 5F, F3, FF, 41, 6F, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000175608 3 bytes [C0, 06, 02] .text ... * 105 .text C:\Windows\System32\win32k.sys!EngGetProcessHandle + 468 fffff9600023d988 6 bytes {JMP QWORD [RIP-0xbc26a]} ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 000000004a150480 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 000000004a150470 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 000000004a150360 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 000000004a150490 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 000000004a1503d0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 000000004a150310 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 000000004a1503a0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 000000004a150380 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 000000004a1502d0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 000000004a1502c0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0xffffffffd28f2a90} .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 000000004a150300 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 000000004a1503b0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 000000004a150440 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 000000004a1503e0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 000000004a150220 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 000000004a1504a0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 000000004a150390 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 000000004a1502e0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 000000004a150340 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 000000004a150280 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 000000004a1502a0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0xffffffffd28f2490} .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 000000004a1503c0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0xffffffffd28f2590} .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 000000004a150320 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 000000004a150410 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 000000004a150230 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 000000004a1503f0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 000000004a1501d0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 000000004a150240 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 000000004a1504b0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 000000004a1504c0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 000000004a1502f0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 000000004a150350 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 000000004a150290 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 000000004a1502b0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 000000004a150370 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 000000004a150330 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 000000004a150460 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 000000004a150420 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 000000004a150250 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0xffffffffd28f1990} .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 000000004a150260 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0xffffffffd28f1990} .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 000000004a150400 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 000000004a1501e0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 000000004a150200 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 000000004a1501f0 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 000000004a150430 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 000000004a150450 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 000000004a150210 .text C:\Windows\system32\csrss.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 000000004a150270 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 000000004a150480 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 000000004a150470 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 000000004a150360 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 000000004a150490 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 000000004a1503d0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 000000004a150310 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 000000004a1503a0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 000000004a150380 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 000000004a1502d0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 000000004a1502c0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0xffffffffd28f2a90} .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 000000004a150300 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 000000004a1503b0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 000000004a150440 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 000000004a1503e0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 000000004a150220 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 000000004a1504a0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 000000004a150390 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 000000004a1502e0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 000000004a150340 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 000000004a150280 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 000000004a1502a0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0xffffffffd28f2490} .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 000000004a1503c0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0xffffffffd28f2590} .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 000000004a150320 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 000000004a150410 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 000000004a150230 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 000000004a1503f0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 000000004a1501d0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 000000004a150240 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 000000004a1504b0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 000000004a1504c0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 000000004a1502f0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 000000004a150350 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 000000004a150290 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 000000004a1502b0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 000000004a150370 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 000000004a150330 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 000000004a150460 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 000000004a150420 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 000000004a150250 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0xffffffffd28f1990} .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 000000004a150260 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0xffffffffd28f1990} .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 000000004a150400 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 000000004a1501e0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 000000004a150200 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 000000004a1501f0 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 000000004a150430 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 000000004a150450 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 000000004a150210 .text C:\Windows\system32\csrss.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 000000004a150270 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Windows\system32\winlogon.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 0000000000070480 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 0000000000070470 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 0000000000070360 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 0000000000070490 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000000703d0 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 0000000000070310 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000000703a0 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 0000000000070380 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000000702d0 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000000702c0 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0xffffffff88812a90} .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 0000000000070300 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000000703b0 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 0000000000070440 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000000703e0 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 0000000000070220 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000000704a0 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 0000000000070390 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000000702e0 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 0000000000070340 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 0000000000070280 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000000702a0 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0xffffffff88812490} .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000000703c0 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0xffffffff88812590} .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 0000000000070320 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 0000000000070410 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 0000000000070230 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000000703f0 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000000701d0 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 0000000000070240 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000000704b0 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000000704c0 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000000702f0 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 0000000000070350 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 0000000000070290 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000000702b0 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 0000000000070370 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 0000000000070330 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 0000000000070460 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 0000000000070420 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 0000000000070250 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0xffffffff88811990} .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 0000000000070260 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0xffffffff88811990} .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 0000000000070400 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000000701e0 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 0000000000070200 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000000701f0 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 0000000000070430 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 0000000000070450 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 0000000000070210 .text C:\Windows\system32\services.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 0000000000070270 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Windows\system32\lsass.exe[796] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Windows\system32\lsm.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Windows\system32\svchost.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Windows\system32\nvvsvc.exe[436] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Windows\system32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Windows\System32\svchost.exe[1100] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 0000000000070480 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 0000000000070470 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 0000000000070360 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 0000000000070490 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000000703d0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 0000000000070310 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000000703a0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 0000000000070380 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000000702d0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000000702c0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0xffffffff88812a90} .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 0000000000070300 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000000703b0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 0000000000070440 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000000703e0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 0000000000070220 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000000704a0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 0000000000070390 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000000702e0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 0000000000070340 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 0000000000070280 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000000702a0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0xffffffff88812490} .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000000703c0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0xffffffff88812590} .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 0000000000070320 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 0000000000070410 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 0000000000070230 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000000703f0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000000701d0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 0000000000070240 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000000704b0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000000704c0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000000702f0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 0000000000070350 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 0000000000070290 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000000702b0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 0000000000070370 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 0000000000070330 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 0000000000070460 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 0000000000070420 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 0000000000070250 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0xffffffff88811990} .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 0000000000070260 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0xffffffff88811990} .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 0000000000070400 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000000701e0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 0000000000070200 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000000701f0 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 0000000000070430 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 0000000000070450 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 0000000000070210 .text C:\Windows\System32\svchost.exe[1136] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 0000000000070270 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Windows\system32\AUDIODG.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Windows\system32\svchost.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Windows\System32\spoolsv.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Windows\system32\svchost.exe[1804] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text E:\Programy\AVAST Software\Avast\afwServ.exe[1864] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000077128791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Windows\System32\svchost.exe[2336] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe[2364] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Windows\system32\nvvsvc.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 0000000000070480 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 0000000000070470 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 0000000000070360 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 0000000000070490 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000000703d0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 0000000000070310 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000000703a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 0000000000070380 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000000702d0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000000702c0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0xffffffff88812a90} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 0000000000070300 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000000703b0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 0000000000070440 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000000703e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 0000000000070220 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000000704a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 0000000000070390 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000000702e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 0000000000070340 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 0000000000070280 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000000702a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0xffffffff88812490} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000000703c0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0xffffffff88812590} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 0000000000070320 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 0000000000070410 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 0000000000070230 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000000703f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000000701d0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 0000000000070240 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000000704b0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000000704c0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000000702f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 0000000000070350 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 0000000000070290 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000000702b0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 0000000000070370 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 0000000000070330 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 0000000000070460 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 0000000000070420 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 0000000000070250 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0xffffffff88811990} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 0000000000070260 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0xffffffff88811990} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 0000000000070400 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000000701e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 0000000000070200 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000000701f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 0000000000070430 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 0000000000070450 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 0000000000070210 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 0000000000070270 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Windows\system32\taskhost.exe[2940] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 0000000000070480 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 0000000000070470 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 0000000000070360 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 0000000000070490 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000000703d0 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 0000000000070310 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000000703a0 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 0000000000070380 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000000702d0 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000000702c0 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0xffffffff88812a90} .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 0000000000070300 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000000703b0 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 0000000000070440 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000000703e0 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 0000000000070220 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000000704a0 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 0000000000070390 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000000702e0 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 0000000000070340 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 0000000000070280 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000000702a0 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0xffffffff88812490} .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000000703c0 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0xffffffff88812590} .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 0000000000070320 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 0000000000070410 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 0000000000070230 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000000703f0 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000000701d0 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 0000000000070240 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000000704b0 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000000704c0 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000000702f0 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 0000000000070350 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 0000000000070290 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000000702b0 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 0000000000070370 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 0000000000070330 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 0000000000070460 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 0000000000070420 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 0000000000070250 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0xffffffff88811990} .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 0000000000070260 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0xffffffff88811990} .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 0000000000070400 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000000701e0 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 0000000000070200 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000000701f0 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 0000000000070430 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 0000000000070450 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 0000000000070210 .text C:\Windows\system32\taskeng.exe[3040] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 0000000000070270 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Windows\system32\Dwm.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 0000000000070480 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 0000000000070470 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 0000000000070360 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 0000000000070490 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000000703d0 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 0000000000070310 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000000703a0 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 0000000000070380 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000000702d0 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000000702c0 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0xffffffff88812a90} .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 0000000000070300 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000000703b0 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 0000000000070440 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000000703e0 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 0000000000070220 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000000704a0 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 0000000000070390 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000000702e0 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 0000000000070340 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 0000000000070280 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000000702a0 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0xffffffff88812490} .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000000703c0 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0xffffffff88812590} .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 0000000000070320 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 0000000000070410 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 0000000000070230 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000000703f0 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000000701d0 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 0000000000070240 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000000704b0 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000000704c0 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000000702f0 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 0000000000070350 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 0000000000070290 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000000702b0 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 0000000000070370 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 0000000000070330 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 0000000000070460 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 0000000000070420 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 0000000000070250 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0xffffffff88811990} .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 0000000000070260 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0xffffffff88811990} .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 0000000000070400 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000000701e0 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 0000000000070200 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000000701f0 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 0000000000070430 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 0000000000070450 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 0000000000070210 .text C:\Windows\Explorer.EXE[3328] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 0000000000070270 .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsuA446.tmp[3696] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075db1401 2 bytes JMP 7714b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsuA446.tmp[3696] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075db1419 2 bytes JMP 7714b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsuA446.tmp[3696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075db1431 2 bytes JMP 771c9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsuA446.tmp[3696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075db144a 2 bytes CALL 771248ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsuA446.tmp[3696] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075db14dd 2 bytes JMP 771c890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsuA446.tmp[3696] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075db14f5 2 bytes JMP 771c8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsuA446.tmp[3696] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075db150d 2 bytes JMP 771c8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsuA446.tmp[3696] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075db1525 2 bytes JMP 771c8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsuA446.tmp[3696] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075db153d 2 bytes JMP 7713fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsuA446.tmp[3696] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075db1555 2 bytes JMP 77146907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsuA446.tmp[3696] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075db156d 2 bytes JMP 771c90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsuA446.tmp[3696] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075db1585 2 bytes JMP 771c8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsuA446.tmp[3696] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075db159d 2 bytes JMP 771c87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsuA446.tmp[3696] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075db15b5 2 bytes JMP 7713fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsuA446.tmp[3696] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075db15cd 2 bytes JMP 7714b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsuA446.tmp[3696] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075db16b2 2 bytes JMP 771c8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsuA446.tmp[3696] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075db16bd 2 bytes JMP 771c8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075db1401 2 bytes JMP 7714b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3764] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075db1419 2 bytes JMP 7714b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075db1431 2 bytes JMP 771c9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075db144a 2 bytes CALL 771248ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3764] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075db14dd 2 bytes JMP 771c890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075db14f5 2 bytes JMP 771c8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3764] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075db150d 2 bytes JMP 771c8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075db1525 2 bytes JMP 771c8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075db153d 2 bytes JMP 7713fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3764] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075db1555 2 bytes JMP 77146907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075db156d 2 bytes JMP 771c90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075db1585 2 bytes JMP 771c8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3764] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075db159d 2 bytes JMP 771c87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075db15b5 2 bytes JMP 7713fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075db15cd 2 bytes JMP 7714b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075db16b2 2 bytes JMP 771c8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075db16bd 2 bytes JMP 771c8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 0000000000060480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 0000000000060470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 0000000000060360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 0000000000060490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000000603d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 0000000000060310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000000603a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 0000000000060380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000000602d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000000602c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0xffffffff88802a90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 0000000000060300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000000603b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 0000000000060440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000000603e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 0000000000060220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000000604a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 0000000000060390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000000602e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 0000000000060340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 0000000000060280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000000602a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0xffffffff88802490} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000000603c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0xffffffff88802590} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 0000000000060320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 0000000000060410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 0000000000060230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000000603f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000000601d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 0000000000060240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000000604b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000000604c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000000602f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 0000000000060350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 0000000000060290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000000602b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 0000000000060370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 0000000000060330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 0000000000060460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 0000000000060420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 0000000000060250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0xffffffff88801990} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 0000000000060260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0xffffffff88801990} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 0000000000060400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000000601e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 0000000000060200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000000601f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 0000000000060430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 0000000000060450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 0000000000060210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 0000000000060270 .text C:\Windows\SysWOW64\PnkBstrA.exe[3184] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000752317fa 2 bytes CALL 771211a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3184] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000075231860 2 bytes CALL 771211a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3184] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000075231942 2 bytes JMP 75957089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3184] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007523194d 2 bytes JMP 7595cba6 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075db1401 2 bytes JMP 7714b233 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3184] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075db1419 2 bytes JMP 7714b35e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075db1431 2 bytes JMP 771c9011 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075db144a 2 bytes CALL 771248ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[3184] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075db14dd 2 bytes JMP 771c890a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075db14f5 2 bytes JMP 771c8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3184] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075db150d 2 bytes JMP 771c8800 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075db1525 2 bytes JMP 771c8bca C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075db153d 2 bytes JMP 7713fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3184] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075db1555 2 bytes JMP 77146907 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075db156d 2 bytes JMP 771c90c9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075db1585 2 bytes JMP 771c8c2a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3184] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075db159d 2 bytes JMP 771c87c4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075db15b5 2 bytes JMP 7713fd59 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075db15cd 2 bytes JMP 7714b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075db16b2 2 bytes JMP 771c8f8c C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3184] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075db16bd 2 bytes JMP 771c8759 C:\Windows\syswow64\kernel32.dll .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\BFNService.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2772] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsj8737.tmp[4116] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075db1401 2 bytes JMP 7714b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsj8737.tmp[4116] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075db1419 2 bytes JMP 7714b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsj8737.tmp[4116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075db1431 2 bytes JMP 771c9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsj8737.tmp[4116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075db144a 2 bytes CALL 771248ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsj8737.tmp[4116] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075db14dd 2 bytes JMP 771c890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsj8737.tmp[4116] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075db14f5 2 bytes JMP 771c8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsj8737.tmp[4116] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075db150d 2 bytes JMP 771c8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsj8737.tmp[4116] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075db1525 2 bytes JMP 771c8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsj8737.tmp[4116] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075db153d 2 bytes JMP 7713fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsj8737.tmp[4116] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075db1555 2 bytes JMP 77146907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsj8737.tmp[4116] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075db156d 2 bytes JMP 771c90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsj8737.tmp[4116] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075db1585 2 bytes JMP 771c8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsj8737.tmp[4116] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075db159d 2 bytes JMP 771c87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsj8737.tmp[4116] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075db15b5 2 bytes JMP 7713fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsj8737.tmp[4116] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075db15cd 2 bytes JMP 7714b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsj8737.tmp[4116] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075db16b2 2 bytes JMP 771c8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\00000000-1458867027-0000-0000-D43D7EF14507\knsj8737.tmp[4116] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075db16bd 2 bytes JMP 771c8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Windows\system32\wbem\wmiprvse.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Windows\system32\conhost.exe[5384] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 0000000000070480 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 0000000000070470 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 0000000000070360 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 0000000000070490 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000000703d0 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 0000000000070310 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000000703a0 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 0000000000070380 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000000702d0 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000000702c0 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0xffffffff88812a90} .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 0000000000070300 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000000703b0 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 0000000000070440 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000000703e0 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 0000000000070220 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000000704a0 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 0000000000070390 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000000702e0 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 0000000000070340 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 0000000000070280 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000000702a0 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0xffffffff88812490} .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000000703c0 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0xffffffff88812590} .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 0000000000070320 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 0000000000070410 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 0000000000070230 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000000703f0 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000000701d0 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 0000000000070240 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000000704b0 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000000704c0 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000000702f0 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 0000000000070350 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 0000000000070290 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000000702b0 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 0000000000070370 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 0000000000070330 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 0000000000070460 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 0000000000070420 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 0000000000070250 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0xffffffff88811990} .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 0000000000070260 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0xffffffff88811990} .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 0000000000070400 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000000701e0 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 0000000000070200 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000000701f0 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 0000000000070430 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 0000000000070450 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 0000000000070210 .text C:\Windows\System32\rundll32.exe[5760] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 0000000000070270 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5828] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a92bcd 5 bytes JMP 0000000000b23610 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5828] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075db1401 2 bytes JMP 7714b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5828] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075db1419 2 bytes JMP 7714b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075db1431 2 bytes JMP 771c9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075db144a 2 bytes CALL 771248ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5828] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075db14dd 2 bytes JMP 771c890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5828] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075db14f5 2 bytes JMP 771c8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5828] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075db150d 2 bytes JMP 771c8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5828] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075db1525 2 bytes JMP 771c8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5828] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075db153d 2 bytes JMP 7713fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5828] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075db1555 2 bytes JMP 77146907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5828] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075db156d 2 bytes JMP 771c90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5828] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075db1585 2 bytes JMP 771c8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5828] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075db159d 2 bytes JMP 771c87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5828] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075db15b5 2 bytes JMP 7713fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5828] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075db15cd 2 bytes JMP 7714b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5828] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075db16b2 2 bytes JMP 771c8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5828] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075db16bd 2 bytes JMP 771c8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5868] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6132] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text E:\Programy\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe[4548] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 0000000070d211a8 2 bytes [D2, 70] .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 0000000070d2127d 2 bytes CALL 771214c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395 0000000070d21310 2 bytes CALL 771214c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 0000000070d213a8 2 bytes [D2, 70] .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000070d21422 2 bytes [D2, 70] .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000070d21498 2 bytes [D2, 70] .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextCreate + 4 000000006f741825 2 bytes JMP 77386365 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroy + 4 000000006f741830 2 bytes JMP 77386385 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroyAll + 4 000000006f74183b 2 bytes JMP 773863a5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dDrawPrimitives2 + 4 000000006f741846 2 bytes JMP 77385c45 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dValidateTextureStageState + 4 000000006f741851 2 bytes JMP 773863c5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAddAttachedSurface + 4 000000006f74185c 2 bytes JMP 773864a5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAlphaBlt + 4 000000006f741867 2 bytes JMP 773864c5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAttachSurface + 4 000000006f741872 2 bytes JMP 773864e5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBeginMoCompFrame + 4 000000006f74187d 2 bytes JMP 77386505 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBlt + 4 000000006f741888 2 bytes JMP 77385c65 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateD3DBuffer + 4 000000006f741893 2 bytes JMP 77386525 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateSurface + 4 000000006f74189e 2 bytes JMP 77385ce5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdColorControl + 4 000000006f7418a9 2 bytes JMP 77386545 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateD3DBuffer + 4 000000006f7418b4 2 bytes JMP 77386565 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateDirectDrawObject + 4 000000006f7418bf 2 bytes JMP 7735228b C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateMoComp + 4 000000006f7418ca 2 bytes JMP 773865a5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurface + 4 000000006f7418d5 2 bytes JMP 77385d05 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceEx + 4 000000006f7418e0 2 bytes JMP 77385d85 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceObject + 4 000000006f7418eb 2 bytes JMP 77385da5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteDirectDrawObject + 4 000000006f7418f6 2 bytes JMP 77386b05 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteSurfaceObject + 4 000000006f741901 2 bytes JMP 77385cc5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyD3DBuffer + 4 000000006f74190c 2 bytes JMP 77386b25 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyMoComp + 4 000000006f741917 2 bytes JMP 77386b65 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroySurface + 4 000000006f741922 2 bytes JMP 77385d25 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdEndMoCompFrame + 4 000000006f74192d 2 bytes JMP 77386b85 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlip + 4 000000006f741938 2 bytes JMP 77386ba5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlipToGDISurface + 4 000000006f741943 2 bytes JMP 77386bc5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetAvailDriverMemory + 4 000000006f74194e 2 bytes JMP 77386be5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetBltStatus + 4 000000006f741959 2 bytes JMP 77386c05 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDC + 4 000000006f741964 2 bytes JMP 77386c25 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverInfo + 4 000000006f74196f 2 bytes JMP 77386c45 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverState + 4 000000006f74197a 2 bytes JMP 77386c65 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDxHandle + 4 000000006f741985 2 bytes JMP 77386c85 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetFlipStatus + 4 000000006f741990 2 bytes JMP 77386ca5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetInternalMoCompInfo + 4 000000006f74199b 2 bytes JMP 77386cc5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompBuffInfo + 4 000000006f7419a6 2 bytes JMP 77386ce5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompFormats + 4 000000006f7419b1 2 bytes JMP 77386d05 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompGuids + 4 000000006f7419bc 2 bytes JMP 77386d25 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetScanLine + 4 000000006f7419c7 2 bytes JMP 77386d45 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLock + 4 000000006f7419d2 2 bytes JMP 77386d65 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLockD3D + 4 000000006f7419dd 2 bytes JMP 77385dc5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryDirectDrawObject + 4 000000006f7419e8 2 bytes JMP 77386da5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryMoCompStatus + 4 000000006f7419f3 2 bytes JMP 77386dc5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReenableDirectDrawObject + 4 000000006f7419fe 2 bytes JMP 77386e03 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReleaseDC + 4 000000006f741a09 2 bytes JMP 77386e23 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdRenderMoComp + 4 000000006f741a14 2 bytes JMP 77386e43 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdResetVisrgn + 4 000000006f741a1f 2 bytes JMP 77385d45 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetColorKey + 4 000000006f741a2a 2 bytes JMP 77386e63 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetExclusiveMode + 4 000000006f741a35 2 bytes JMP 77386e83 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetGammaRamp + 4 000000006f741a40 2 bytes JMP 77386ea3 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetOverlayPosition + 4 000000006f741a4b 2 bytes JMP 77386ec3 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnattachSurface + 4 000000006f741a56 2 bytes JMP 77386ee3 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlock + 4 000000006f741a61 2 bytes JMP 77386f03 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlockD3D + 4 000000006f741a6c 2 bytes JMP 77385de5 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUpdateOverlay + 4 000000006f741a77 2 bytes JMP 77386f23 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 4 000000006f741a82 2 bytes JMP 77386f43 C:\Windows\syswow64\GDI32.dll .text C:\Program Files (x86)\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe[5588] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 52 000000006f741ab2 2 bytes JMP 773fdc75 C:\Windows\syswow64\msvcrt.dll .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Windows\system32\SearchIndexer.exe[5928] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text E:\Programy\AVAST Software\Avast\AvastUI.exe[6964] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000077128791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Program Files\Intel\TurboBoost\TurboBoost.exe[7644] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[7836] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075db1401 2 bytes JMP 7714b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[7836] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075db1419 2 bytes JMP 7714b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[7836] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075db1431 2 bytes JMP 771c9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[7836] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075db144a 2 bytes CALL 771248ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[7836] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075db14dd 2 bytes JMP 771c890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[7836] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075db14f5 2 bytes JMP 771c8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[7836] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075db150d 2 bytes JMP 771c8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[7836] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075db1525 2 bytes JMP 771c8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[7836] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075db153d 2 bytes JMP 7713fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[7836] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075db1555 2 bytes JMP 77146907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[7836] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075db156d 2 bytes JMP 771c90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[7836] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075db1585 2 bytes JMP 771c8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[7836] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075db159d 2 bytes JMP 771c87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[7836] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075db15b5 2 bytes JMP 7713fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[7836] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075db15cd 2 bytes JMP 7714b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[7836] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075db16b2 2 bytes JMP 771c8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe[7836] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075db16bd 2 bytes JMP 771c8759 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kamil\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075db1401 2 bytes JMP 7714b233 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kamil\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2652] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075db1419 2 bytes JMP 7714b35e C:\Windows\syswow64\kernel32.dll .text C:\Users\Kamil\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075db1431 2 bytes JMP 771c9011 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kamil\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075db144a 2 bytes CALL 771248ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Kamil\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2652] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075db14dd 2 bytes JMP 771c890a C:\Windows\syswow64\kernel32.dll .text C:\Users\Kamil\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075db14f5 2 bytes JMP 771c8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kamil\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075db150d 2 bytes JMP 771c8800 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kamil\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075db1525 2 bytes JMP 771c8bca C:\Windows\syswow64\kernel32.dll .text C:\Users\Kamil\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075db153d 2 bytes JMP 7713fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kamil\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2652] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075db1555 2 bytes JMP 77146907 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kamil\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075db156d 2 bytes JMP 771c90c9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kamil\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075db1585 2 bytes JMP 771c8c2a C:\Windows\syswow64\kernel32.dll .text C:\Users\Kamil\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075db159d 2 bytes JMP 771c87c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kamil\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075db15b5 2 bytes JMP 7713fd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kamil\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075db15cd 2 bytes JMP 7714b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Kamil\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075db16b2 2 bytes JMP 771c8f8c C:\Windows\syswow64\kernel32.dll .text C:\Users\Kamil\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075db16bd 2 bytes JMP 771c8759 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007785d460 5 bytes JMP 00000000779c0480 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007785d4b0 5 bytes JMP 00000000779c0470 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007785d610 5 bytes JMP 00000000779c0360 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007785d660 5 bytes JMP 00000000779c0490 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007785d670 5 bytes JMP 00000000779c03d0 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007785d720 5 bytes JMP 00000000779c0310 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007785d750 5 bytes JMP 00000000779c03a0 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007785d770 5 bytes JMP 00000000779c0380 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007785d7b0 5 bytes JMP 00000000779c02d0 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007785d830 1 byte JMP 00000000779c02c0 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 000000007785d832 3 bytes {JMP 0x162a90} .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007785d850 5 bytes JMP 00000000779c0300 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007785d890 5 bytes JMP 00000000779c03b0 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007785d8d0 5 bytes JMP 00000000779c0440 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007785d8e0 5 bytes JMP 00000000779c03e0 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007785da40 5 bytes JMP 00000000779c0220 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007785dc00 5 bytes JMP 00000000779c04a0 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007785dc30 5 bytes JMP 00000000779c0390 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007785dd10 5 bytes JMP 00000000779c02e0 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000000007785dd20 5 bytes JMP 00000000779c0340 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007785dd80 5 bytes JMP 00000000779c0280 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007785de10 1 byte JMP 00000000779c02a0 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 000000007785de12 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007785de30 1 byte JMP 00000000779c03c0 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 000000007785de32 3 bytes {JMP 0x162590} .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000000007785de40 5 bytes JMP 00000000779c0320 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000000007785deb0 5 bytes JMP 00000000779c0410 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000000007785dee0 5 bytes JMP 00000000779c0230 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007785e080 5 bytes JMP 00000000779c03f0 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007785e1a0 5 bytes JMP 00000000779c01d0 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000000007785e260 5 bytes JMP 00000000779c0240 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000000007785e290 5 bytes JMP 00000000779c04b0 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000000007785e2a0 5 bytes JMP 00000000779c04c0 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000000007785e2d0 5 bytes JMP 00000000779c02f0 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000000007785e2e0 5 bytes JMP 00000000779c0350 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000000007785e340 5 bytes JMP 00000000779c0290 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000000007785e390 5 bytes JMP 00000000779c02b0 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000000007785e3c0 5 bytes JMP 00000000779c0370 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000000007785e3d0 5 bytes JMP 00000000779c0330 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000000007785e6c0 5 bytes JMP 00000000779c0460 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 000000007785e820 5 bytes JMP 00000000779c0420 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000000007785e8c0 1 byte JMP 00000000779c0250 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 000000007785e8c2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000000007785e8d0 1 byte JMP 00000000779c0260 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 000000007785e8d2 3 bytes {JMP 0x161990} .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007785e8e0 5 bytes JMP 00000000779c0400 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007785eaa0 5 bytes JMP 00000000779c01e0 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000000007785eab0 5 bytes JMP 00000000779c0200 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007785eb20 5 bytes JMP 00000000779c01f0 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007785eb80 5 bytes JMP 00000000779c0430 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007785eb90 5 bytes JMP 00000000779c0450 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007785eba0 5 bytes JMP 00000000779c0210 .text C:\Windows\system32\svchost.exe[7796] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007785ec80 5 bytes JMP 00000000779c0270 ---- EOF - GMER 2.2 ----