GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-05-18 21:28:59 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0003 465,76GB Running: v7b3nbwj.exe; Driver: C:\Users\adam\AppData\Local\Temp\fwlyqaog.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c91360 5 bytes JMP 0000000077df0450 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c913b0 1 byte JMP 0000000077df0440 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077c913b2 3 bytes {JMP 0x15f090} .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c91510 5 bytes JMP 0000000077df0360 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c91560 5 bytes JMP 0000000077df0460 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c91570 5 bytes JMP 0000000077df03d0 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c91620 5 bytes JMP 0000000077df0310 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c91650 5 bytes JMP 0000000077df03a0 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c91670 5 bytes JMP 0000000077df0380 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c916b0 5 bytes JMP 0000000077df02d0 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c91730 1 byte JMP 0000000077df02c0 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c91732 3 bytes {JMP 0x17} .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c91750 5 bytes JMP 0000000077df0300 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c91790 5 bytes JMP 0000000077df03b0 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c917e0 5 bytes JMP 0000000077df03e0 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c91940 5 bytes JMP 0000000077df0220 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c91b00 5 bytes JMP 0000000077df0470 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c91b30 5 bytes JMP 0000000077df0390 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c91c10 5 bytes JMP 0000000077df02e0 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c91c20 5 bytes JMP 0000000077df0340 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c91c80 5 bytes JMP 0000000077df0280 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c91d10 1 byte JMP 0000000077df02a0 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c91d12 3 bytes {JMP 0x15e590} .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c91d30 1 byte JMP 0000000077df03c0 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c91d32 3 bytes {JMP 0x15e690} .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c91d40 5 bytes JMP 0000000077df0320 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c91db0 5 bytes JMP 0000000077df0400 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c91de0 5 bytes JMP 0000000077df0230 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c920a0 5 bytes JMP 0000000077df01d0 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c92160 5 bytes JMP 0000000077df0240 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c92190 5 bytes JMP 0000000077df0480 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c921a0 5 bytes JMP 0000000077df0490 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c921d0 5 bytes JMP 0000000077df02f0 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c921e0 5 bytes JMP 0000000077df0350 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c92240 5 bytes JMP 0000000077df0290 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c92290 5 bytes JMP 0000000077df02b0 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c922c0 5 bytes JMP 0000000077df0370 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c922d0 5 bytes JMP 0000000077df0330 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c925c0 5 bytes JMP 0000000077df0430 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c927c0 1 byte JMP 0000000077df0250 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c927c2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c927d0 1 byte JMP 0000000077df0260 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c927d2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c927e0 5 bytes JMP 0000000077df03f0 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c929a0 5 bytes JMP 0000000077df01e0 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c929b0 5 bytes JMP 0000000077df0200 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c92a20 5 bytes JMP 0000000077df01f0 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c92a80 1 byte JMP 0000000077df0410 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077c92a82 3 bytes {JMP 0x15d990} .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c92a90 1 byte JMP 0000000077df0420 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077c92a92 3 bytes {JMP 0x15d990} .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c92aa0 5 bytes JMP 0000000077df0210 .text C:\Windows\system32\services.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c92b80 5 bytes JMP 0000000077df0270 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c91360 5 bytes JMP 0000000077df0450 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c913b0 1 byte JMP 0000000077df0440 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077c913b2 3 bytes {JMP 0x15f090} .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c91510 5 bytes JMP 0000000077df0360 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c91560 5 bytes JMP 0000000077df0460 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c91570 5 bytes JMP 0000000077df03d0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c91620 5 bytes JMP 0000000077df0310 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c91650 5 bytes JMP 0000000077df03a0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c91670 5 bytes JMP 0000000077df0380 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c916b0 5 bytes JMP 0000000077df02d0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c91730 1 byte JMP 0000000077df02c0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c91732 3 bytes {JMP 0x17} .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c91750 5 bytes JMP 0000000077df0300 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c91790 5 bytes JMP 0000000077df03b0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c917e0 5 bytes JMP 0000000077df03e0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c91940 5 bytes JMP 0000000077df0220 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c91b00 5 bytes JMP 0000000077df0470 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c91b30 5 bytes JMP 0000000077df0390 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c91c10 5 bytes JMP 0000000077df02e0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c91c20 5 bytes JMP 0000000077df0340 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c91c80 5 bytes JMP 0000000077df0280 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c91d10 1 byte JMP 0000000077df02a0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c91d12 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c91d30 1 byte JMP 0000000077df03c0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c91d32 3 bytes {JMP 0x15e690} .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c91d40 5 bytes JMP 0000000077df0320 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c91db0 5 bytes JMP 0000000077df0400 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c91de0 5 bytes JMP 0000000077df0230 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c920a0 5 bytes JMP 0000000077df01d0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c92160 5 bytes JMP 0000000077df0240 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c92190 5 bytes JMP 0000000077df0480 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c921a0 5 bytes JMP 0000000077df0490 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c921d0 5 bytes JMP 0000000077df02f0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c921e0 5 bytes JMP 0000000077df0350 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c92240 5 bytes JMP 0000000077df0290 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c92290 5 bytes JMP 0000000077df02b0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c922c0 5 bytes JMP 0000000077df0370 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c922d0 5 bytes JMP 0000000077df0330 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c925c0 5 bytes JMP 0000000077df0430 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c927c0 1 byte JMP 0000000077df0250 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c927c2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c927d0 1 byte JMP 0000000077df0260 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c927d2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c927e0 5 bytes JMP 0000000077df03f0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c929a0 5 bytes JMP 0000000077df01e0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c929b0 5 bytes JMP 0000000077df0200 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c92a20 5 bytes JMP 0000000077df01f0 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c92a80 1 byte JMP 0000000077df0410 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077c92a82 3 bytes {JMP 0x15d990} .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c92a90 1 byte JMP 0000000077df0420 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077c92a92 3 bytes {JMP 0x15d990} .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c92aa0 5 bytes JMP 0000000077df0210 .text C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c92b80 5 bytes JMP 0000000077df0270 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c91360 5 bytes JMP 0000000077df0450 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c913b0 1 byte JMP 0000000077df0440 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077c913b2 3 bytes {JMP 0x15f090} .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c91510 5 bytes JMP 0000000077df0360 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c91560 5 bytes JMP 0000000077df0460 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c91570 5 bytes JMP 0000000077df03d0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c91620 5 bytes JMP 0000000077df0310 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c91650 5 bytes JMP 0000000077df03a0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c91670 5 bytes JMP 0000000077df0380 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c916b0 5 bytes JMP 0000000077df02d0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c91730 1 byte JMP 0000000077df02c0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c91732 3 bytes {JMP 0x17} .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c91750 5 bytes JMP 0000000077df0300 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c91790 5 bytes JMP 0000000077df03b0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c917e0 5 bytes JMP 0000000077df03e0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c91940 5 bytes JMP 0000000077df0220 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c91b00 5 bytes JMP 0000000077df0470 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c91b30 5 bytes JMP 0000000077df0390 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c91c10 5 bytes JMP 0000000077df02e0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c91c20 5 bytes JMP 0000000077df0340 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c91c80 5 bytes JMP 0000000077df0280 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c91d10 1 byte JMP 0000000077df02a0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c91d12 3 bytes {JMP 0x15e590} .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c91d30 1 byte JMP 0000000077df03c0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c91d32 3 bytes {JMP 0x15e690} .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c91d40 5 bytes JMP 0000000077df0320 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c91db0 5 bytes JMP 0000000077df0400 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c91de0 5 bytes JMP 0000000077df0230 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c920a0 5 bytes JMP 0000000077df01d0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c92160 5 bytes JMP 0000000077df0240 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c92190 5 bytes JMP 0000000077df0480 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c921a0 5 bytes JMP 0000000077df0490 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c921d0 5 bytes JMP 0000000077df02f0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c921e0 5 bytes JMP 0000000077df0350 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c92240 5 bytes JMP 0000000077df0290 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c92290 5 bytes JMP 0000000077df02b0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c922c0 5 bytes JMP 0000000077df0370 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c922d0 5 bytes JMP 0000000077df0330 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c925c0 5 bytes JMP 0000000077df0430 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c927c0 1 byte JMP 0000000077df0250 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c927c2 3 bytes {JMP 0x15da90} .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c927d0 1 byte JMP 0000000077df0260 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c927d2 3 bytes {JMP 0x15da90} .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c927e0 5 bytes JMP 0000000077df03f0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c929a0 5 bytes JMP 0000000077df01e0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c929b0 5 bytes JMP 0000000077df0200 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c92a20 5 bytes JMP 0000000077df01f0 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c92a80 1 byte JMP 0000000077df0410 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077c92a82 3 bytes {JMP 0x15d990} .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c92a90 1 byte JMP 0000000077df0420 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077c92a92 3 bytes {JMP 0x15d990} .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c92aa0 5 bytes JMP 0000000077df0210 .text C:\Windows\System32\svchost.exe[948] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c92b80 5 bytes JMP 0000000077df0270 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c91360 5 bytes JMP 0000000077df0450 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c913b0 1 byte JMP 0000000077df0440 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077c913b2 3 bytes {JMP 0x15f090} .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c91510 5 bytes JMP 0000000077df0360 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c91560 5 bytes JMP 0000000077df0460 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c91570 5 bytes JMP 0000000077df03d0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c91620 5 bytes JMP 0000000077df0310 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c91650 5 bytes JMP 0000000077df03a0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c91670 5 bytes JMP 0000000077df0380 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c916b0 5 bytes JMP 0000000077df02d0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c91730 1 byte JMP 0000000077df02c0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c91732 3 bytes {JMP 0x17} .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c91750 5 bytes JMP 0000000077df0300 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c91790 5 bytes JMP 0000000077df03b0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c917e0 5 bytes JMP 0000000077df03e0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c91940 5 bytes JMP 0000000077df0220 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c91b00 5 bytes JMP 0000000077df0470 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c91b30 5 bytes JMP 0000000077df0390 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c91c10 5 bytes JMP 0000000077df02e0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c91c20 5 bytes JMP 0000000077df0340 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c91c80 5 bytes JMP 0000000077df0280 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c91d10 1 byte JMP 0000000077df02a0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c91d12 3 bytes {JMP 0x15e590} .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c91d30 1 byte JMP 0000000077df03c0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c91d32 3 bytes {JMP 0x15e690} .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c91d40 5 bytes JMP 0000000077df0320 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c91db0 5 bytes JMP 0000000077df0400 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c91de0 5 bytes JMP 0000000077df0230 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c920a0 5 bytes JMP 0000000077df01d0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c92160 5 bytes JMP 0000000077df0240 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c92190 5 bytes JMP 0000000077df0480 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c921a0 5 bytes JMP 0000000077df0490 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c921d0 5 bytes JMP 0000000077df02f0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c921e0 5 bytes JMP 0000000077df0350 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c92240 5 bytes JMP 0000000077df0290 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c92290 5 bytes JMP 0000000077df02b0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c922c0 5 bytes JMP 0000000077df0370 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c922d0 5 bytes JMP 0000000077df0330 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c925c0 5 bytes JMP 0000000077df0430 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c927c0 1 byte JMP 0000000077df0250 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c927c2 3 bytes {JMP 0x15da90} .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c927d0 1 byte JMP 0000000077df0260 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c927d2 3 bytes {JMP 0x15da90} .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c927e0 5 bytes JMP 0000000077df03f0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c929a0 5 bytes JMP 0000000077df01e0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c929b0 5 bytes JMP 0000000077df0200 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c92a20 5 bytes JMP 0000000077df01f0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c92a80 1 byte JMP 0000000077df0410 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077c92a82 3 bytes {JMP 0x15d990} .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c92a90 1 byte JMP 0000000077df0420 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077c92a92 3 bytes {JMP 0x15d990} .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c92aa0 5 bytes JMP 0000000077df0210 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c92b80 5 bytes JMP 0000000077df0270 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c91360 5 bytes JMP 0000000077df0450 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c913b0 1 byte JMP 0000000077df0440 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077c913b2 3 bytes {JMP 0x15f090} .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c91510 5 bytes JMP 0000000077df0360 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c91560 5 bytes JMP 0000000077df0460 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c91570 5 bytes JMP 0000000077df03d0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c91620 5 bytes JMP 0000000077df0310 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c91650 5 bytes JMP 0000000077df03a0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c91670 5 bytes JMP 0000000077df0380 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c916b0 5 bytes JMP 0000000077df02d0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c91730 1 byte JMP 0000000077df02c0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c91732 3 bytes {JMP 0x17} .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c91750 5 bytes JMP 0000000077df0300 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c91790 5 bytes JMP 0000000077df03b0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c917e0 5 bytes JMP 0000000077df03e0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c91940 5 bytes JMP 0000000077df0220 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c91b00 5 bytes JMP 0000000077df0470 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c91b30 5 bytes JMP 0000000077df0390 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c91c10 5 bytes JMP 0000000077df02e0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c91c20 5 bytes JMP 0000000077df0340 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c91c80 5 bytes JMP 0000000077df0280 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c91d10 1 byte JMP 0000000077df02a0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c91d12 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c91d30 1 byte JMP 0000000077df03c0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c91d32 3 bytes {JMP 0x15e690} .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c91d40 5 bytes JMP 0000000077df0320 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c91db0 5 bytes JMP 0000000077df0400 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c91de0 5 bytes JMP 0000000077df0230 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c920a0 5 bytes JMP 0000000077df01d0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c92160 5 bytes JMP 0000000077df0240 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c92190 5 bytes JMP 0000000077df0480 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c921a0 5 bytes JMP 0000000077df0490 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c921d0 5 bytes JMP 0000000077df02f0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c921e0 5 bytes JMP 0000000077df0350 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c92240 5 bytes JMP 0000000077df0290 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c92290 5 bytes JMP 0000000077df02b0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c922c0 5 bytes JMP 0000000077df0370 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c922d0 5 bytes JMP 0000000077df0330 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c925c0 5 bytes JMP 0000000077df0430 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c927c0 1 byte JMP 0000000077df0250 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c927c2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c927d0 1 byte JMP 0000000077df0260 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c927d2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c927e0 5 bytes JMP 0000000077df03f0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c929a0 5 bytes JMP 0000000077df01e0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c929b0 5 bytes JMP 0000000077df0200 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c92a20 5 bytes JMP 0000000077df01f0 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c92a80 1 byte JMP 0000000077df0410 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077c92a82 3 bytes {JMP 0x15d990} .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c92a90 1 byte JMP 0000000077df0420 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077c92a92 3 bytes {JMP 0x15d990} .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c92aa0 5 bytes JMP 0000000077df0210 .text C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c92b80 5 bytes JMP 0000000077df0270 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c91360 5 bytes JMP 0000000077df0450 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c913b0 1 byte JMP 0000000077df0440 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077c913b2 3 bytes {JMP 0x15f090} .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c91510 5 bytes JMP 0000000077df0360 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c91560 5 bytes JMP 0000000077df0460 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c91570 5 bytes JMP 0000000077df03d0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c91620 5 bytes JMP 0000000077df0310 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c91650 5 bytes JMP 0000000077df03a0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c91670 5 bytes JMP 0000000077df0380 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c916b0 5 bytes JMP 0000000077df02d0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c91730 1 byte JMP 0000000077df02c0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c91732 3 bytes {JMP 0x17} .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c91750 5 bytes JMP 0000000077df0300 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c91790 5 bytes JMP 0000000077df03b0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c917e0 5 bytes JMP 0000000077df03e0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c91940 5 bytes JMP 0000000077df0220 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c91b00 5 bytes JMP 0000000077df0470 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c91b30 5 bytes JMP 0000000077df0390 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c91c10 5 bytes JMP 0000000077df02e0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c91c20 5 bytes JMP 0000000077df0340 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c91c80 5 bytes JMP 0000000077df0280 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c91d10 1 byte JMP 0000000077df02a0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c91d12 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c91d30 1 byte JMP 0000000077df03c0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c91d32 3 bytes {JMP 0x15e690} .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c91d40 5 bytes JMP 0000000077df0320 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c91db0 5 bytes JMP 0000000077df0400 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c91de0 5 bytes JMP 0000000077df0230 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c920a0 5 bytes JMP 0000000077df01d0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c92160 5 bytes JMP 0000000077df0240 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c92190 5 bytes JMP 0000000077df0480 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c921a0 5 bytes JMP 0000000077df0490 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c921d0 5 bytes JMP 0000000077df02f0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c921e0 5 bytes JMP 0000000077df0350 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c92240 5 bytes JMP 0000000077df0290 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c92290 5 bytes JMP 0000000077df02b0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c922c0 5 bytes JMP 0000000077df0370 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c922d0 5 bytes JMP 0000000077df0330 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c925c0 5 bytes JMP 0000000077df0430 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c927c0 1 byte JMP 0000000077df0250 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c927c2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c927d0 1 byte JMP 0000000077df0260 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c927d2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c927e0 5 bytes JMP 0000000077df03f0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c929a0 5 bytes JMP 0000000077df01e0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c929b0 5 bytes JMP 0000000077df0200 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c92a20 5 bytes JMP 0000000077df01f0 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c92a80 1 byte JMP 0000000077df0410 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077c92a82 3 bytes {JMP 0x15d990} .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c92a90 1 byte JMP 0000000077df0420 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077c92a92 3 bytes {JMP 0x15d990} .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c92aa0 5 bytes JMP 0000000077df0210 .text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c92b80 5 bytes JMP 0000000077df0270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c91360 5 bytes JMP 0000000077df0450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c913b0 1 byte JMP 0000000077df0440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077c913b2 3 bytes {JMP 0x15f090} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c91510 5 bytes JMP 0000000077df0360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c91560 5 bytes JMP 0000000077df0460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c91570 5 bytes JMP 0000000077df03d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c91620 5 bytes JMP 0000000077df0310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c91650 5 bytes JMP 0000000077df03a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c91670 5 bytes JMP 0000000077df0380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c916b0 5 bytes JMP 0000000077df02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c91730 1 byte JMP 0000000077df02c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c91732 3 bytes {JMP 0x17} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c91750 5 bytes JMP 0000000077df0300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c91790 5 bytes JMP 0000000077df03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c917e0 5 bytes JMP 0000000077df03e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c91940 5 bytes JMP 0000000077df0220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c91b00 5 bytes JMP 0000000077df0470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c91b30 5 bytes JMP 0000000077df0390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c91c10 5 bytes JMP 0000000077df02e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c91c20 5 bytes JMP 0000000077df0340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c91c80 5 bytes JMP 0000000077df0280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c91d10 1 byte JMP 0000000077df02a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c91d12 3 bytes {JMP 0x15e590} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c91d30 1 byte JMP 0000000077df03c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c91d32 3 bytes {JMP 0x15e690} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c91d40 5 bytes JMP 0000000077df0320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c91db0 5 bytes JMP 0000000077df0400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c91de0 5 bytes JMP 0000000077df0230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c920a0 5 bytes JMP 0000000077df01d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c92160 5 bytes JMP 0000000077df0240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c92190 5 bytes JMP 0000000077df0480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c921a0 5 bytes JMP 0000000077df0490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c921d0 5 bytes JMP 0000000077df02f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c921e0 5 bytes JMP 0000000077df0350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c92240 5 bytes JMP 0000000077df0290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c92290 5 bytes JMP 0000000077df02b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c922c0 5 bytes JMP 0000000077df0370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c922d0 5 bytes JMP 0000000077df0330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c925c0 5 bytes JMP 0000000077df0430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c927c0 1 byte JMP 0000000077df0250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c927c2 3 bytes {JMP 0x15da90} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c927d0 1 byte JMP 0000000077df0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c927d2 3 bytes {JMP 0x15da90} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c927e0 5 bytes JMP 0000000077df03f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c929a0 5 bytes JMP 0000000077df01e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c929b0 5 bytes JMP 0000000077df0200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c92a20 5 bytes JMP 0000000077df01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c92a80 1 byte JMP 0000000077df0410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077c92a82 3 bytes {JMP 0x15d990} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c92a90 1 byte JMP 0000000077df0420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077c92a92 3 bytes {JMP 0x15d990} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c92aa0 5 bytes JMP 0000000077df0210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c92b80 5 bytes JMP 0000000077df0270 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c91360 5 bytes JMP 0000000077df0450 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c913b0 1 byte JMP 0000000077df0440 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077c913b2 3 bytes {JMP 0x15f090} .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c91510 5 bytes JMP 0000000077df0360 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c91560 5 bytes JMP 0000000077df0460 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c91570 5 bytes JMP 0000000077df03d0 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c91620 5 bytes JMP 0000000077df0310 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c91650 5 bytes JMP 0000000077df03a0 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c91670 5 bytes JMP 0000000077df0380 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c916b0 5 bytes JMP 0000000077df02d0 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c91730 1 byte JMP 0000000077df02c0 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c91732 3 bytes {JMP 0x17} .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c91750 5 bytes JMP 0000000077df0300 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c91790 5 bytes JMP 0000000077df03b0 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c917e0 5 bytes JMP 0000000077df03e0 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c91940 5 bytes JMP 0000000077df0220 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c91b00 5 bytes JMP 0000000077df0470 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c91b30 5 bytes JMP 0000000077df0390 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c91c10 5 bytes JMP 0000000077df02e0 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c91c20 5 bytes JMP 0000000077df0340 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c91c80 5 bytes JMP 0000000077df0280 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c91d10 1 byte JMP 0000000077df02a0 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c91d12 3 bytes {JMP 0x15e590} .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c91d30 1 byte JMP 0000000077df03c0 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c91d32 3 bytes {JMP 0x15e690} .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c91d40 5 bytes JMP 0000000077df0320 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c91db0 5 bytes JMP 0000000077df0400 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c91de0 5 bytes JMP 0000000077df0230 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c920a0 5 bytes JMP 0000000077df01d0 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c92160 5 bytes JMP 0000000077df0240 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c92190 5 bytes JMP 0000000077df0480 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c921a0 5 bytes JMP 0000000077df0490 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c921d0 5 bytes JMP 0000000077df02f0 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c921e0 5 bytes JMP 0000000077df0350 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c92240 5 bytes JMP 0000000077df0290 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c92290 5 bytes JMP 0000000077df02b0 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c922c0 5 bytes JMP 0000000077df0370 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c922d0 5 bytes JMP 0000000077df0330 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c925c0 5 bytes JMP 0000000077df0430 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c927c0 1 byte JMP 0000000077df0250 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c927c2 3 bytes {JMP 0x15da90} .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c927d0 1 byte JMP 0000000077df0260 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c927d2 3 bytes {JMP 0x15da90} .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c927e0 5 bytes JMP 0000000077df03f0 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c929a0 5 bytes JMP 0000000077df01e0 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c929b0 5 bytes JMP 0000000077df0200 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c92a20 5 bytes JMP 0000000077df01f0 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c92a80 1 byte JMP 0000000077df0410 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077c92a82 3 bytes {JMP 0x15d990} .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c92a90 1 byte JMP 0000000077df0420 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077c92a92 3 bytes {JMP 0x15d990} .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c92aa0 5 bytes JMP 0000000077df0210 .text C:\Windows\Explorer.EXE[2036] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c92b80 5 bytes JMP 0000000077df0270 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c91360 5 bytes JMP 0000000077df0450 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c913b0 1 byte JMP 0000000077df0440 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077c913b2 3 bytes {JMP 0x15f090} .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c91510 5 bytes JMP 0000000077df0360 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c91560 5 bytes JMP 0000000077df0460 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c91570 5 bytes JMP 0000000077df03d0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c91620 5 bytes JMP 0000000077df0310 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c91650 5 bytes JMP 0000000077df03a0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c91670 5 bytes JMP 0000000077df0380 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c916b0 5 bytes JMP 0000000077df02d0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c91730 1 byte JMP 0000000077df02c0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c91732 3 bytes {JMP 0x17} .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c91750 5 bytes JMP 0000000077df0300 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c91790 5 bytes JMP 0000000077df03b0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c917e0 5 bytes JMP 0000000077df03e0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c91940 5 bytes JMP 0000000077df0220 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c91b00 5 bytes JMP 0000000077df0470 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c91b30 5 bytes JMP 0000000077df0390 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c91c10 5 bytes JMP 0000000077df02e0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c91c20 5 bytes JMP 0000000077df0340 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c91c80 5 bytes JMP 0000000077df0280 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c91d10 1 byte JMP 0000000077df02a0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c91d12 3 bytes {JMP 0x15e590} .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c91d30 1 byte JMP 0000000077df03c0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c91d32 3 bytes {JMP 0x15e690} .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c91d40 5 bytes JMP 0000000077df0320 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c91db0 5 bytes JMP 0000000077df0400 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c91de0 5 bytes JMP 0000000077df0230 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c920a0 5 bytes JMP 0000000077df01d0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c92160 5 bytes JMP 0000000077df0240 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c92190 5 bytes JMP 0000000077df0480 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c921a0 5 bytes JMP 0000000077df0490 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c921d0 5 bytes JMP 0000000077df02f0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c921e0 5 bytes JMP 0000000077df0350 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c92240 5 bytes JMP 0000000077df0290 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c92290 5 bytes JMP 0000000077df02b0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c922c0 5 bytes JMP 0000000077df0370 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c922d0 5 bytes JMP 0000000077df0330 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c925c0 5 bytes JMP 0000000077df0430 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c927c0 1 byte JMP 0000000077df0250 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c927c2 3 bytes {JMP 0x15da90} .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c927d0 1 byte JMP 0000000077df0260 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c927d2 3 bytes {JMP 0x15da90} .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c927e0 5 bytes JMP 0000000077df03f0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c929a0 5 bytes JMP 0000000077df01e0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c929b0 5 bytes JMP 0000000077df0200 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c92a20 5 bytes JMP 0000000077df01f0 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c92a80 1 byte JMP 0000000077df0410 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077c92a82 3 bytes {JMP 0x15d990} .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c92a90 1 byte JMP 0000000077df0420 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077c92a92 3 bytes {JMP 0x15d990} .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c92aa0 5 bytes JMP 0000000077df0210 .text C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c92b80 5 bytes JMP 0000000077df0270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c91360 5 bytes JMP 0000000077df0450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c913b0 1 byte JMP 0000000077df0440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077c913b2 3 bytes {JMP 0x15f090} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c91510 5 bytes JMP 0000000077df0360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c91560 5 bytes JMP 0000000077df0460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c91570 5 bytes JMP 0000000077df03d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c91620 5 bytes JMP 0000000077df0310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c91650 5 bytes JMP 0000000077df03a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c91670 5 bytes JMP 0000000077df0380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c916b0 5 bytes JMP 0000000077df02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c91730 1 byte JMP 0000000077df02c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c91732 3 bytes {JMP 0x17} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c91750 5 bytes JMP 0000000077df0300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c91790 5 bytes JMP 0000000077df03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c917e0 5 bytes JMP 0000000077df03e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c91940 5 bytes JMP 0000000077df0220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c91b00 5 bytes JMP 0000000077df0470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c91b30 5 bytes JMP 0000000077df0390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c91c10 5 bytes JMP 0000000077df02e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c91c20 5 bytes JMP 0000000077df0340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c91c80 5 bytes JMP 0000000077df0280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c91d10 1 byte JMP 0000000077df02a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c91d12 3 bytes {JMP 0x15e590} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c91d30 1 byte JMP 0000000077df03c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c91d32 3 bytes {JMP 0x15e690} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c91d40 5 bytes JMP 0000000077df0320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c91db0 5 bytes JMP 0000000077df0400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c91de0 5 bytes JMP 0000000077df0230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c920a0 5 bytes JMP 0000000077df01d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c92160 5 bytes JMP 0000000077df0240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c92190 5 bytes JMP 0000000077df0480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c921a0 5 bytes JMP 0000000077df0490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c921d0 5 bytes JMP 0000000077df02f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c921e0 5 bytes JMP 0000000077df0350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c92240 5 bytes JMP 0000000077df0290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c92290 5 bytes JMP 0000000077df02b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c922c0 5 bytes JMP 0000000077df0370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c922d0 5 bytes JMP 0000000077df0330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c925c0 5 bytes JMP 0000000077df0430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c927c0 1 byte JMP 0000000077df0250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c927c2 3 bytes {JMP 0x15da90} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c927d0 1 byte JMP 0000000077df0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c927d2 3 bytes {JMP 0x15da90} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c927e0 5 bytes JMP 0000000077df03f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c929a0 5 bytes JMP 0000000077df01e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c929b0 5 bytes JMP 0000000077df0200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c92a20 5 bytes JMP 0000000077df01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c92a80 1 byte JMP 0000000077df0410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077c92a82 3 bytes {JMP 0x15d990} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c92a90 1 byte JMP 0000000077df0420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077c92a92 3 bytes {JMP 0x15d990} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c92aa0 5 bytes JMP 0000000077df0210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c92b80 5 bytes JMP 0000000077df0270 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c91360 5 bytes JMP 0000000000070450 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c913b0 1 byte JMP 0000000000070440 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077c913b2 3 bytes {JMP 0xffffffff883df090} .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c91510 5 bytes JMP 0000000000070360 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c91560 5 bytes JMP 0000000000070460 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c91570 5 bytes JMP 00000000000703d0 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c91620 5 bytes JMP 0000000000070310 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c91650 5 bytes JMP 00000000000703a0 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c91670 5 bytes JMP 0000000000070380 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c916b0 5 bytes JMP 00000000000702d0 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c91730 1 byte JMP 00000000000702c0 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c91732 3 bytes {JMP 0x3f} .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c91750 5 bytes JMP 0000000000070300 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c91790 5 bytes JMP 00000000000703b0 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c917e0 5 bytes JMP 00000000000703e0 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c91940 5 bytes JMP 0000000000070220 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c91b00 5 bytes JMP 0000000000070470 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c91b30 5 bytes JMP 0000000000070390 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c91c10 5 bytes JMP 00000000000702e0 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c91c20 5 bytes JMP 0000000000070340 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c91c80 5 bytes JMP 0000000000070280 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c91d10 1 byte JMP 00000000000702a0 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c91d12 3 bytes {JMP 0xffffffff883de590} .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c91d30 1 byte JMP 00000000000703c0 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c91d32 3 bytes {JMP 0xffffffff883de690} .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c91d40 5 bytes JMP 0000000000070320 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c91db0 5 bytes JMP 0000000000070400 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c91de0 5 bytes JMP 0000000000070230 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c920a0 5 bytes JMP 00000000000701d0 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c92160 5 bytes JMP 0000000000070240 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c92190 5 bytes JMP 0000000000070480 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c921a0 5 bytes JMP 0000000000070490 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c921d0 5 bytes JMP 00000000000702f0 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c921e0 5 bytes JMP 0000000000070350 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c92240 5 bytes JMP 0000000000070290 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c92290 5 bytes JMP 00000000000702b0 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c922c0 5 bytes JMP 0000000000070370 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c922d0 5 bytes JMP 0000000000070330 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c925c0 5 bytes JMP 0000000000070430 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c927c0 1 byte JMP 0000000000070250 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c927c2 3 bytes {JMP 0xffffffff883dda90} .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c927d0 1 byte JMP 0000000000070260 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c927d2 3 bytes {JMP 0xffffffff883dda90} .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c927e0 5 bytes JMP 00000000000703f0 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c929a0 5 bytes JMP 00000000000701e0 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c929b0 5 bytes JMP 0000000000070200 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c92a20 5 bytes JMP 00000000000701f0 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c92a80 1 byte JMP 0000000000070410 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077c92a82 3 bytes {JMP 0xffffffff883dd990} .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c92a90 1 byte JMP 0000000000070420 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077c92a92 3 bytes {JMP 0xffffffff883dd990} .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c92aa0 5 bytes JMP 0000000000070210 .text C:\Windows\system32\SearchIndexer.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c92b80 5 bytes JMP 0000000000070270 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c91360 5 bytes JMP 0000000077df0450 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c913b0 1 byte JMP 0000000077df0440 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077c913b2 3 bytes {JMP 0x15f090} .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c91510 5 bytes JMP 0000000077df0360 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c91560 5 bytes JMP 0000000077df0460 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c91570 5 bytes JMP 0000000077df03d0 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c91620 5 bytes JMP 0000000077df0310 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c91650 5 bytes JMP 0000000077df03a0 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c91670 5 bytes JMP 0000000077df0380 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c916b0 5 bytes JMP 0000000077df02d0 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c91730 1 byte JMP 0000000077df02c0 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077c91732 3 bytes {JMP 0x17} .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c91750 5 bytes JMP 0000000077df0300 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c91790 5 bytes JMP 0000000077df03b0 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c917e0 5 bytes JMP 0000000077df03e0 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c91940 5 bytes JMP 0000000077df0220 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c91b00 5 bytes JMP 0000000077df0470 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c91b30 5 bytes JMP 0000000077df0390 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c91c10 5 bytes JMP 0000000077df02e0 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c91c20 5 bytes JMP 0000000077df0340 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c91c80 5 bytes JMP 0000000077df0280 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c91d10 1 byte JMP 0000000077df02a0 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077c91d12 3 bytes {JMP 0x15e590} .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c91d30 1 byte JMP 0000000077df03c0 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077c91d32 3 bytes {JMP 0x15e690} .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c91d40 5 bytes JMP 0000000077df0320 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c91db0 5 bytes JMP 0000000077df0400 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c91de0 5 bytes JMP 0000000077df0230 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c920a0 5 bytes JMP 0000000077df01d0 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c92160 5 bytes JMP 0000000077df0240 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c92190 5 bytes JMP 0000000077df0480 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c921a0 5 bytes JMP 0000000077df0490 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c921d0 5 bytes JMP 0000000077df02f0 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c921e0 5 bytes JMP 0000000077df0350 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c92240 5 bytes JMP 0000000077df0290 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c92290 5 bytes JMP 0000000077df02b0 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c922c0 5 bytes JMP 0000000077df0370 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c922d0 5 bytes JMP 0000000077df0330 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c925c0 5 bytes JMP 0000000077df0430 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c927c0 1 byte JMP 0000000077df0250 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077c927c2 3 bytes {JMP 0x15da90} .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c927d0 1 byte JMP 0000000077df0260 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077c927d2 3 bytes {JMP 0x15da90} .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c927e0 5 bytes JMP 0000000077df03f0 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c929a0 5 bytes JMP 0000000077df01e0 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c929b0 5 bytes JMP 0000000077df0200 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c92a20 5 bytes JMP 0000000077df01f0 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c92a80 1 byte JMP 0000000077df0410 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 2 0000000077c92a82 3 bytes {JMP 0x15d990} .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c92a90 1 byte JMP 0000000077df0420 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 2 0000000077c92a92 3 bytes {JMP 0x15d990} .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c92aa0 5 bytes JMP 0000000077df0210 .text C:\Windows\System32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c92b80 5 bytes JMP 0000000077df0270 ---- Threads - GMER 2.2 ---- Thread [548:628] 000007fefd961f00 Thread [548:632] 000007fefd961c90 Thread [548:636] 000007fefd9c4be4 Thread [548:640] 000007fefd9c3ff0 Thread [548:656] 000007fefd9c4be4 Thread [548:692] 000007fefd963710 Thread [548:696] 000007fefd963710 Thread [548:1012] 000007fefd9c4be4 Thread [548:4868] 000007fefd9c4be4 Thread C:\Windows\system32\services.exe [584:744] 000007fefcd394c4 Thread C:\Windows\System32\svchost.exe [948:484] 000007fefc31f2f4 Thread C:\Windows\System32\svchost.exe [948:1036] 000007fefc296204 Thread C:\Windows\System32\svchost.exe [948:1136] 000007fefb785440 Thread C:\Windows\System32\svchost.exe [948:2836] 000007fef8106b8c Thread C:\Windows\System32\svchost.exe [948:2844] 000007fef8101d88 Thread C:\Windows\System32\svchost.exe [948:4956] 000007fefe4ec608 Thread C:\Windows\System32\svchost.exe [108:1224] 000007fefb1959a0 Thread C:\Windows\System32\svchost.exe [108:2704] 000007fefd381a70 Thread C:\Windows\System32\svchost.exe [108:2900] 000007fef8c544e0 Thread C:\Windows\System32\svchost.exe [108:3348] 000007fef8f688f8 Thread C:\Windows\System32\svchost.exe [108:3476] 000007fef05b8a4c Thread C:\Windows\system32\svchost.exe [1128:2132] 000007fef8fabec4 Thread C:\Windows\system32\svchost.exe [1128:3948] 000007fef8de5124 Thread C:\Windows\System32\spoolsv.exe [1692:976] 000007fef68310c8 Thread C:\Windows\System32\spoolsv.exe [1692:2728] 000007fef67f6144 Thread C:\Windows\System32\spoolsv.exe [1692:2592] 000007fef6325fd0 Thread C:\Windows\System32\spoolsv.exe [1692:2092] 000007fef6303438 Thread C:\Windows\System32\spoolsv.exe [1692:2780] 000007fef63263ec Thread C:\Windows\System32\spoolsv.exe [1692:2568] 000007fef7735e5c Thread C:\Windows\System32\spoolsv.exe [1692:2696] 000007fef7465090 Thread C:\Windows\system32\taskhost.exe [2996:3064] 000007fef76c2740 Thread C:\Windows\system32\taskhost.exe [2996:2220] 000007fefb991010 Thread C:\Windows\system32\taskhost.exe [2996:2232] 000007fef72c1f38 Thread C:\Windows\system32\taskhost.exe [2996:3436] 000007fef7025170 Thread C:\Windows\Explorer.EXE [2036:1008] 000007fef6312154 Thread C:\Windows\Explorer.EXE [2036:3700] 000007fefc296204 Thread C:\Windows\Explorer.EXE [2036:3912] 000007fef22a2f9c Thread C:\Windows\Explorer.EXE [2036:3988] 000007feecb42118 Thread C:\Windows\Explorer.EXE [2036:3740] 000007fef54acc10 Thread C:\Windows\Explorer.EXE [2036:3744] 000007fef536b564 Thread C:\Windows\Explorer.EXE [2036:3800] 000007fefb991010 Thread C:\Windows\Explorer.EXE [2036:4860] 000007fef279a3f8 Thread C:\Windows\Explorer.EXE [2036:4196] 000007fef22a2f9c Thread C:\Windows\Explorer.EXE [2036:1500] 000007fef22a2f9c Thread C:\Windows\Explorer.EXE [2036:708] 000007fef279bbc8 Thread C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1088:4052] 000007fefbdd2ab8 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1052:2388] 000007fefbdd2ab8 Thread C:\Windows\system32\taskhost.exe [4920:3080] 000007fef7f5ef24 ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- Files - GMER 2.2 ---- File C:\ADSM_PData_0150 0 bytes File C:\ADSM_PData_0150\DB 0 bytes File C:\ADSM_PData_0150\DB\SI.db 624 bytes File C:\ADSM_PData_0150\DB\UL.db 16 bytes File C:\ADSM_PData_0150\DB\VL.db 16 bytes File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable File C:\ADSM_PData_0150\_avt 512 bytes ---- EOF - GMER 2.2 ----