GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-05-25 11:42:21 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006d CT250BX1 rev.MU02 232,89GB Running: szol2cz0.exe; Driver: C:\Users\Kuba\AppData\Local\Temp\pgddyaoc.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 000000004a120480 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 000000004a120470 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 000000004a120360 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 000000004a120490 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 000000004a1203d0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 000000004a120310 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 000000004a1203a0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 000000004a120380 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0xffffffffd25b4490} .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 000000004a1202d0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 000000004a1202c0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 000000004a120300 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 000000004a1203b0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 000000004a120440 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 000000004a1203e0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 000000004a120220 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 000000004a1204a0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 000000004a120390 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 000000004a1202e0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 000000004a120340 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 000000004a120280 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 000000004a1202a0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 000000004a1203c0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 000000004a120320 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 000000004a120410 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 000000004a120230 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 000000004a1203f0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 000000004a1201d0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 000000004a120240 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 000000004a1204b0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 000000004a1204c0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 000000004a1202f0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 000000004a120350 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 000000004a120290 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 000000004a1202b0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 000000004a120370 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 000000004a120330 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 000000004a120460 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 000000004a120420 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 000000004a120250 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 000000004a120260 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 000000004a120400 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 000000004a1201e0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 000000004a120200 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 000000004a1201f0 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 000000004a120430 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 000000004a120450 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 000000004a120210 .text C:\Windows\system32\csrss.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 000000004a120270 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 000000004a120480 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 000000004a120470 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 000000004a120360 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 000000004a120490 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 000000004a1203d0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 000000004a120310 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 000000004a1203a0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 000000004a120380 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0xffffffffd25b4490} .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 000000004a1202d0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 000000004a1202c0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 000000004a120300 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 000000004a1203b0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 000000004a120440 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 000000004a1203e0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 000000004a120220 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 000000004a1204a0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 000000004a120390 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 000000004a1202e0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 000000004a120340 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 000000004a120280 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 000000004a1202a0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 000000004a1203c0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 000000004a120320 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 000000004a120410 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 000000004a120230 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 000000004a1203f0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 000000004a1201d0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 000000004a120240 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 000000004a1204b0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 000000004a1204c0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 000000004a1202f0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 000000004a120350 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 000000004a120290 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 000000004a1202b0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 000000004a120370 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 000000004a120330 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 000000004a120460 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 000000004a120420 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 000000004a120250 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 000000004a120260 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 000000004a120400 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 000000004a1201e0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 000000004a120200 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 000000004a1201f0 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 000000004a120430 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 000000004a120450 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 000000004a120210 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 000000004a120270 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\winlogon.exe[684] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\lsass.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\lsm.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\svchost.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\nvvsvc.exe[896] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Windows\System32\svchost.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000000070480 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000000070470 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000000070360 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000000070490 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 00000000000703d0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000000070310 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 00000000000703a0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000000070380 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0xffffffff88504490} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 00000000000702d0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 00000000000702c0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000000070300 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 00000000000703b0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000000070440 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 00000000000703e0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000000070220 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 00000000000704a0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000000070390 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 00000000000702e0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000000070340 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000000070280 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 00000000000702a0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 00000000000703c0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000000070320 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000000070410 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000000070230 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 00000000000703f0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 00000000000701d0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000000070240 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 00000000000704b0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 00000000000704c0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 00000000000702f0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000000070350 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000000070290 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 00000000000702b0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000000070370 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000000070330 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000000070460 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000000070420 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000000070250 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000000070260 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000000070400 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 00000000000701e0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000000070200 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 00000000000701f0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000000070430 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000000070450 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000000070210 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000000070270 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Windows\Explorer.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Windows\System32\spoolsv.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\taskhost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Windows\System32\svchost.exe[2008] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2096] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076fd2bdc 5 bytes JMP 0000000000ab8d78 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\svchost.exe[2244] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Program Files\AVAST Software\Avast\avastui.exe[2948] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075c28791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\svchost.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\SearchIndexer.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\GWX\GWX.exe[3688] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Windows\System32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\AUDIODG.EXE[4636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\taskeng.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Windows\system32\vssvc.exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b6bbe0 5 bytes JMP 0000000077cd0480 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b6bc30 5 bytes JMP 0000000077cd0470 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b6bd90 5 bytes JMP 0000000077cd0360 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b6bde0 5 bytes JMP 0000000077cd0490 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b6bdf0 5 bytes JMP 0000000077cd03d0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b6bea0 5 bytes JMP 0000000077cd0310 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b6bed0 5 bytes JMP 0000000077cd03a0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b6bef0 1 byte JMP 0000000077cd0380 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000077b6bef2 3 bytes {JMP 0x164490} .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b6bf30 5 bytes JMP 0000000077cd02d0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b6bfb0 5 bytes JMP 0000000077cd02c0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b6bfd0 5 bytes JMP 0000000077cd0300 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b6c010 5 bytes JMP 0000000077cd03b0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b6c050 5 bytes JMP 0000000077cd0440 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b6c060 5 bytes JMP 0000000077cd03e0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b6c1c0 5 bytes JMP 0000000077cd0220 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b6c380 5 bytes JMP 0000000077cd04a0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b6c3b0 5 bytes JMP 0000000077cd0390 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b6c490 5 bytes JMP 0000000077cd02e0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b6c4a0 5 bytes JMP 0000000077cd0340 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b6c500 5 bytes JMP 0000000077cd0280 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b6c590 5 bytes JMP 0000000077cd02a0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b6c5b0 5 bytes JMP 0000000077cd03c0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b6c5c0 5 bytes JMP 0000000077cd0320 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b6c630 5 bytes JMP 0000000077cd0410 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b6c660 5 bytes JMP 0000000077cd0230 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b6c800 5 bytes JMP 0000000077cd03f0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b6c920 5 bytes JMP 0000000077cd01d0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b6c9e0 5 bytes JMP 0000000077cd0240 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b6ca10 5 bytes JMP 0000000077cd04b0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b6ca20 5 bytes JMP 0000000077cd04c0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b6ca50 5 bytes JMP 0000000077cd02f0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b6ca60 5 bytes JMP 0000000077cd0350 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b6cac0 5 bytes JMP 0000000077cd0290 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b6cb10 5 bytes JMP 0000000077cd02b0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b6cb40 5 bytes JMP 0000000077cd0370 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b6cb50 5 bytes JMP 0000000077cd0330 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b6ce40 5 bytes JMP 0000000077cd0460 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b6cfa0 5 bytes JMP 0000000077cd0420 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b6d040 5 bytes JMP 0000000077cd0250 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b6d050 5 bytes JMP 0000000077cd0260 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b6d060 5 bytes JMP 0000000077cd0400 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b6d220 5 bytes JMP 0000000077cd01e0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b6d230 5 bytes JMP 0000000077cd0200 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b6d2a0 5 bytes JMP 0000000077cd01f0 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b6d300 5 bytes JMP 0000000077cd0430 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b6d310 5 bytes JMP 0000000077cd0450 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b6d320 5 bytes JMP 0000000077cd0210 .text C:\Windows\System32\svchost.exe[1328] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b6d400 5 bytes JMP 0000000077cd0270 ---- Files - GMER 2.2 ---- File C:\Users\Kuba\AppData\Local\Mozilla\Firefox\Profiles\o781wbxg.default\cache2\entries\3ED0927C495B55619E8F472F750DDEC41EF91953 882 bytes ---- EOF - GMER 2.2 ----