GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-03-25 18:58:27 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.AX00 465,76GB Running: 5r1ozl8p.exe; Driver: C:\Users\Agatka\AppData\Local\Temp\uxldrpow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000001498d0460 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000001498d0450 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000001498d0370 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000001498d0470 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000001498d03e0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000001498d0320 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000001498d03b0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000001498d0390 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000001498d02e0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000001498d02d0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000001498d0310 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000001498d03c0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000001498d03f0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000001498d0230 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000001498d0480 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000001498d03a0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000001498d02f0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000001498d0350 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000001498d0290 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000001498d02b0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000001498d03d0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000001498d0330 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000001498d0410 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000001498d0240 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000001498d01e0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000001498d0250 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000001498d0490 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000001498d04a0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000001498d0300 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000001498d0360 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000001498d02a0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000001498d02c0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000001498d0380 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000001498d0340 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000001498d0440 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000001498d0260 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000001498d0270 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000001498d0400 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000001498d01f0 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000001498d0210 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000001498d0200 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000001498d0420 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000001498d0430 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000001498d0220 .text C:\Windows\system32\csrss.exe[496] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000001498d0280 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Windows\system32\wininit.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000001498d0460 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000001498d0450 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000001498d0370 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000001498d0470 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000001498d03e0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000001498d0320 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000001498d03b0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000001498d0390 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000001498d02e0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000001498d02d0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000001498d0310 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000001498d03c0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000001498d03f0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000001498d0230 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000001498d0480 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000001498d03a0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000001498d02f0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000001498d0350 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000001498d0290 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000001498d02b0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000001498d03d0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000001498d0330 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000001498d0410 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000001498d0240 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000001498d01e0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000001498d0250 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000001498d0490 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000001498d04a0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000001498d0300 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000001498d0360 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000001498d02a0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000001498d02c0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000001498d0380 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000001498d0340 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000001498d0440 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000001498d0260 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000001498d0270 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000001498d0400 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000001498d01f0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000001498d0210 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000001498d0200 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000001498d0420 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000001498d0430 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000001498d0220 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000001498d0280 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Windows\system32\services.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Windows\system32\lsass.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Windows\system32\lsm.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Windows\system32\winlogon.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Windows\system32\nvvsvc.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Windows\System32\svchost.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Windows\system32\svchost.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Windows\system32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Windows\system32\WLANExt.exe[1320] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1372] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 0000000100070280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 0000000100060460 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 0000000100060450 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 0000000100060370 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 0000000100060470 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000001000603e0 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 0000000100060320 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000001000603b0 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 0000000100060390 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000001000602e0 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000001000602d0 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 0000000100060310 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000001000603c0 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000001000603f0 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 0000000100060230 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 0000000100060480 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000001000603a0 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000001000602f0 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 0000000100060350 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 0000000100060290 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000001000602b0 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000001000603d0 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 0000000100060330 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 0000000100060410 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 0000000100060240 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000001000601e0 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 0000000100060250 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 0000000100060490 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000001000604a0 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 0000000100060300 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 0000000100060360 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000001000602a0 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000001000602c0 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 0000000100060380 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 0000000100060340 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 0000000100060440 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 0000000100060260 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 0000000100060270 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 0000000100060400 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000001000601f0 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 0000000100060210 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 0000000100060200 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 0000000100060420 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 0000000100060430 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 0000000100060220 .text C:\Windows\system32\nvvsvc.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 0000000100060280 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Windows\system32\taskeng.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Windows\system32\taskhost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Windows\system32\Dwm.exe[1768] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\spoolsv.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 0000000100070280 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Windows\Explorer.EXE[1480] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1808] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2192] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076cd1465 2 bytes [CD, 76] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2192] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076cd14bb 2 bytes [CD, 76] .text ... * 2 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Windows\System32\igfxtray.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Windows\System32\hkcmd.exe[2576] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2688] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 0000000100070460 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 0000000100070450 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 0000000100070370 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 0000000100070470 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000001000703e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 0000000100070320 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000001000703b0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 0000000100070390 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000001000702e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000001000702d0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 0000000100070310 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000001000703c0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000001000703f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 0000000100070230 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 0000000100070480 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000001000703a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000001000702f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 0000000100070350 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 0000000100070290 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000001000702b0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000001000703d0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 0000000100070330 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 0000000100070410 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 0000000100070240 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000001000701e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 0000000100070250 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 0000000100070490 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000001000704a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 0000000100070300 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 0000000100070360 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000001000702a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000001000702c0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 0000000100070380 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 0000000100070340 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 0000000100070440 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 0000000100070260 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 0000000100070270 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 0000000100070400 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000001000701f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 0000000100070210 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 0000000100070200 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 0000000100070420 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 0000000100070430 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 0000000100070220 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2980] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 0000000100070280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3000] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2248] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Users\Agatka\AppData\Local\Akamai\netsession_win.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cd1465 2 bytes [CD, 76] .text C:\Users\Agatka\AppData\Local\Akamai\netsession_win.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cd14bb 2 bytes [CD, 76] .text ... * 2 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[2344] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Users\Agatka\AppData\Local\Akamai\netsession_win.exe[2892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cd1465 2 bytes [CD, 76] .text C:\Users\Agatka\AppData\Local\Akamai\netsession_win.exe[2892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cd14bb 2 bytes [CD, 76] .text ... * 2 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[3240] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Program Files (x86)\Launch Manager\LManager.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cd1465 2 bytes [CD, 76] .text C:\Program Files (x86)\Launch Manager\LManager.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cd14bb 2 bytes [CD, 76] .text ... * 2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076cd1465 2 bytes [CD, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076cd14bb 2 bytes [CD, 76] .text ... * 2 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Windows\system32\igfxsrvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text D:\Programy\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3936] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000077018791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\SearchIndexer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Windows\system32\svchost.exe[4608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Windows\System32\svchost.exe[4624] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077571360 5 bytes JMP 00000000776d0460 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775713b0 5 bytes JMP 00000000776d0450 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077571510 5 bytes JMP 00000000776d0370 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077571560 5 bytes JMP 00000000776d0470 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077571570 5 bytes JMP 00000000776d03e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077571620 5 bytes JMP 00000000776d0320 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077571650 5 bytes JMP 00000000776d03b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077571670 5 bytes JMP 00000000776d0390 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775716b0 5 bytes JMP 00000000776d02e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077571730 5 bytes JMP 00000000776d02d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077571750 5 bytes JMP 00000000776d0310 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077571790 5 bytes JMP 00000000776d03c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775717e0 5 bytes JMP 00000000776d03f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077571940 5 bytes JMP 00000000776d0230 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077571b00 5 bytes JMP 00000000776d0480 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077571b30 5 bytes JMP 00000000776d03a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077571c10 5 bytes JMP 00000000776d02f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077571c20 5 bytes JMP 00000000776d0350 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077571c80 5 bytes JMP 00000000776d0290 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077571d10 5 bytes JMP 00000000776d02b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077571d30 5 bytes JMP 00000000776d03d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077571d40 5 bytes JMP 00000000776d0330 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077571db0 5 bytes JMP 00000000776d0410 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077571de0 5 bytes JMP 00000000776d0240 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775720a0 5 bytes JMP 00000000776d01e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077572160 5 bytes JMP 00000000776d0250 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077572190 5 bytes JMP 00000000776d0490 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775721a0 5 bytes JMP 00000000776d04a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775721d0 5 bytes JMP 00000000776d0300 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775721e0 5 bytes JMP 00000000776d0360 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077572240 5 bytes JMP 00000000776d02a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077572290 5 bytes JMP 00000000776d02c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775722c0 5 bytes JMP 00000000776d0380 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775722d0 5 bytes JMP 00000000776d0340 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775725c0 5 bytes JMP 00000000776d0440 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775727c0 5 bytes JMP 00000000776d0260 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775727d0 5 bytes JMP 00000000776d0270 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775727e0 5 bytes JMP 00000000776d0400 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775729a0 5 bytes JMP 00000000776d01f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775729b0 5 bytes JMP 00000000776d0210 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077572a20 5 bytes JMP 00000000776d0200 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077572a80 5 bytes JMP 00000000776d0420 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077572a90 5 bytes JMP 00000000776d0430 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077572aa0 5 bytes JMP 00000000776d0220 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5148] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077572b80 5 bytes JMP 00000000776d0280 ---- Processes - GMER 2.1 ---- Library C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [3776](2014-03-11 12:37:29) 000000006fbc0000 Library C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [3776](2014-03-11 12:37:29) 000000006e940000 Library C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [3776](2014-03-11 12:37:29) 000000006a1c0000 Library C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [3776](2014-03-11 12:37:29) 000000006ff00000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\a4173110f46c Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{98F065B8-2E03-4C88-B6BD-EE4D919B3E9A}@LeaseObtainedTime 1427300114 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{98F065B8-2E03-4C88-B6BD-EE4D919B3E9A}@T1 1427300241 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{98F065B8-2E03-4C88-B6BD-EE4D919B3E9A}@T2 1427300337 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{98F065B8-2E03-4C88-B6BD-EE4D919B3E9A}@LeaseTerminatesTime 1427300369 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\a4173110f46c (not active ControlSet) ---- EOF - GMER 2.1 ----