GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-06-09 20:13:40 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1000LM rev.2AR1 931,51GB Running: mgsbhtlx.exe; Driver: C:\Users\Sylwia\AppData\Local\Temp\kwwdipoc.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 000000004a0b0460 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 000000004a0b0450 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 000000004a0b0370 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 000000004a0b0470 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0xffffffffd2604690} .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 000000004a0b03e0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 000000004a0b0320 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 000000004a0b03b0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 000000004a0b0390 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 000000004a0b02e0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 000000004a0b02d0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 000000004a0b0310 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 000000004a0b03c0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 000000004a0b03f0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0xffffffffd2604390} .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 000000004a0b0230 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 000000004a0b0480 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 000000004a0b03a0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 000000004a0b02f0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 000000004a0b0350 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 000000004a0b0290 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0xffffffffd2603d90} .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 000000004a0b02b0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 000000004a0b03d0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 000000004a0b0330 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 000000004a0b0410 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 000000004a0b0240 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 000000004a0b01e0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 000000004a0b0250 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 000000004a0b0490 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 000000004a0b04a0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 000000004a0b0300 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 000000004a0b0360 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 000000004a0b02a0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 000000004a0b02c0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 000000004a0b0380 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 000000004a0b0340 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 000000004a0b0440 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 000000004a0b0260 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 000000004a0b0270 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 000000004a0b0400 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 000000004a0b01f0 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 000000004a0b0210 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 000000004a0b0200 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 000000004a0b0420 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 000000004a0b0430 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 000000004a0b0220 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 000000004a0b0280 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 000000004a0b0460 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 000000004a0b0450 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 000000004a0b0370 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 000000004a0b0470 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0xffffffffd2604690} .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 000000004a0b03e0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 000000004a0b0320 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 000000004a0b03b0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 000000004a0b0390 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 000000004a0b02e0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 000000004a0b02d0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 000000004a0b0310 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 000000004a0b03c0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 000000004a0b03f0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0xffffffffd2604390} .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 000000004a0b0230 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 000000004a0b0480 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 000000004a0b03a0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 000000004a0b02f0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 000000004a0b0350 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 000000004a0b0290 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0xffffffffd2603d90} .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 000000004a0b02b0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 000000004a0b03d0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 000000004a0b0330 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 000000004a0b0410 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 000000004a0b0240 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 000000004a0b01e0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 000000004a0b0250 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 000000004a0b0490 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 000000004a0b04a0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 000000004a0b0300 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 000000004a0b0360 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 000000004a0b02a0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 000000004a0b02c0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 000000004a0b0380 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 000000004a0b0340 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 000000004a0b0440 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 000000004a0b0260 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 000000004a0b0270 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 000000004a0b0400 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 000000004a0b01f0 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 000000004a0b0210 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 000000004a0b0200 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 000000004a0b0420 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 000000004a0b0430 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 000000004a0b0220 .text C:\Windows\system32\csrss.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 000000004a0b0280 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Windows\system32\services.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Windows\system32\winlogon.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Windows\system32\lsass.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Windows\system32\lsm.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Windows\system32\nvvsvc.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Windows\system32\svchost.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000000070460 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000000070450 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000000070370 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000000070470 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0xffffffff885c4690} .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 00000000000703e0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000000070320 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 00000000000703b0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000000070390 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 00000000000702e0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 00000000000702d0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000000070310 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 00000000000703c0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 00000000000703f0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0xffffffff885c4390} .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000000070230 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000000070480 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 00000000000703a0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 00000000000702f0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000000070350 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000000070290 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0xffffffff885c3d90} .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 00000000000702b0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 00000000000703d0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000000070330 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000000070410 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000000070240 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 00000000000701e0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000000070250 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000000070490 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 00000000000704a0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000000070300 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000000070360 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 00000000000702a0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 00000000000702c0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000000070380 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000000070340 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000000070440 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000000070260 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000000070270 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000000070400 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 00000000000701f0 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000000070210 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000000070200 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000000070420 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000000070430 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000000070220 .text C:\Windows\System32\svchost.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000000070280 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Windows\System32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Windows\system32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Windows\system32\AUDIODG.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Windows\system32\WLANExt.exe[1460] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Windows\System32\spoolsv.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Windows\system32\taskhost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Windows\system32\Dwm.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Windows\Explorer.EXE[2140] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Program Files\AVAST Software\Avast\avastui.exe[2516] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000756e8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000000070460 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000000070450 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000000070370 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000000070470 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0xffffffff885c4690} .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 00000000000703e0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000000070320 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 00000000000703b0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000000070390 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 00000000000702e0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 00000000000702d0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000000070310 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 00000000000703c0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 00000000000703f0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0xffffffff885c4390} .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000000070230 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000000070480 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 00000000000703a0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 00000000000702f0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000000070350 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000000070290 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0xffffffff885c3d90} .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 00000000000702b0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 00000000000703d0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000000070330 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000000070410 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000000070240 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 00000000000701e0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000000070250 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000000070490 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 00000000000704a0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000000070300 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000000070360 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 00000000000702a0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 00000000000702c0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000000070380 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000000070340 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000000070440 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000000070260 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000000070270 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000000070400 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 00000000000701f0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000000070210 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000000070200 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000000070420 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000000070430 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000000070220 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000000070280 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Windows\system32\CxAudMsg64.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Windows\System32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2924] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000000070460 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000000070450 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000000070370 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000000070470 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0xffffffff885c4690} .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 00000000000703e0 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000000070320 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 00000000000703b0 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000000070390 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 00000000000702e0 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 00000000000702d0 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000000070310 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 00000000000703c0 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 00000000000703f0 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0xffffffff885c4390} .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000000070230 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000000070480 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 00000000000703a0 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 00000000000702f0 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000000070350 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000000070290 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0xffffffff885c3d90} .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 00000000000702b0 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 00000000000703d0 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000000070330 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000000070410 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000000070240 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 00000000000701e0 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000000070250 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000000070490 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 00000000000704a0 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000000070300 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000000070360 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 00000000000702a0 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 00000000000702c0 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000000070380 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000000070340 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000000070440 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000000070260 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000000070270 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000000070400 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 00000000000701f0 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000000070210 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000000070200 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000000070420 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000000070430 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000000070220 .text C:\Windows\system32\SearchIndexer.exe[2356] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000000070280 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Windows\system32\svchost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000000070460 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000000070450 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000000070370 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000000070470 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0xffffffff885c4690} .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 00000000000703e0 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000000070320 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 00000000000703b0 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000000070390 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 00000000000702e0 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 00000000000702d0 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000000070310 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 00000000000703c0 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 00000000000703f0 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0xffffffff885c4390} .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000000070230 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000000070480 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 00000000000703a0 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 00000000000702f0 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000000070350 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000000070290 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0xffffffff885c3d90} .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 00000000000702b0 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 00000000000703d0 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000000070330 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000000070410 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000000070240 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 00000000000701e0 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000000070250 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000000070490 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 00000000000704a0 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000000070300 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000000070360 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 00000000000702a0 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 00000000000702c0 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000000070380 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000000070340 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000000070440 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000000070260 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000000070270 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000000070400 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 00000000000701f0 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000000070210 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000000070200 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000000070420 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000000070430 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000000070220 .text C:\Windows\system32\wbem\unsecapp.exe[3816] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000000070280 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Windows\servicing\TrustedInstaller.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Windows\system32\taskeng.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Windows\system32\svchost.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3584] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076561401 2 bytes JMP 7570b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3584] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076561419 2 bytes JMP 7570b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076561431 2 bytes JMP 757890f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007656144a 2 bytes CALL 756e48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3584] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000765614dd 2 bytes JMP 757889ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3584] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000765614f5 2 bytes JMP 75788bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3584] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007656150d 2 bytes JMP 757888e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3584] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076561525 2 bytes JMP 75788caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3584] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007656153d 2 bytes JMP 756ffce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3584] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076561555 2 bytes JMP 75706937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3584] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007656156d 2 bytes JMP 757891a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3584] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076561585 2 bytes JMP 75788d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3584] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007656159d 2 bytes JMP 757888a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3584] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000765615b5 2 bytes JMP 756ffd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3584] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000765615cd 2 bytes JMP 7570b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3584] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000765616b2 2 bytes JMP 7578906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3584] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000765616bd 2 bytes JMP 75788839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3040] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077aabbe0 5 bytes JMP 0000000077c10460 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077aabc30 5 bytes JMP 0000000077c10450 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077aabd90 5 bytes JMP 0000000077c10370 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077aabde0 1 byte JMP 0000000077c10470 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 0000000077aabde2 3 bytes {JMP 0x164690} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077aabdf0 5 bytes JMP 0000000077c103e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077aabea0 5 bytes JMP 0000000077c10320 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077aabed0 5 bytes JMP 0000000077c103b0 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077aabef0 5 bytes JMP 0000000077c10390 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077aabf30 5 bytes JMP 0000000077c102e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077aabfb0 5 bytes JMP 0000000077c102d0 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077aabfd0 5 bytes JMP 0000000077c10310 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077aac010 5 bytes JMP 0000000077c103c0 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077aac060 1 byte JMP 0000000077c103f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 2 0000000077aac062 3 bytes {JMP 0x164390} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077aac1c0 5 bytes JMP 0000000077c10230 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aac380 5 bytes JMP 0000000077c10480 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077aac3b0 5 bytes JMP 0000000077c103a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077aac490 5 bytes JMP 0000000077c102f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077aac4a0 5 bytes JMP 0000000077c10350 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077aac500 1 byte JMP 0000000077c10290 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 2 0000000077aac502 3 bytes {JMP 0x163d90} .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077aac590 5 bytes JMP 0000000077c102b0 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077aac5b0 5 bytes JMP 0000000077c103d0 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077aac5c0 5 bytes JMP 0000000077c10330 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077aac630 5 bytes JMP 0000000077c10410 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077aac660 5 bytes JMP 0000000077c10240 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077aac920 5 bytes JMP 0000000077c101e0 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077aac9e0 5 bytes JMP 0000000077c10250 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077aaca10 5 bytes JMP 0000000077c10490 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077aaca20 5 bytes JMP 0000000077c104a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077aaca50 5 bytes JMP 0000000077c10300 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077aaca60 5 bytes JMP 0000000077c10360 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077aacac0 5 bytes JMP 0000000077c102a0 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077aacb10 5 bytes JMP 0000000077c102c0 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077aacb40 5 bytes JMP 0000000077c10380 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077aacb50 5 bytes JMP 0000000077c10340 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077aace40 5 bytes JMP 0000000077c10440 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077aad040 5 bytes JMP 0000000077c10260 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077aad050 5 bytes JMP 0000000077c10270 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077aad060 5 bytes JMP 0000000077c10400 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077aad220 5 bytes JMP 0000000077c101f0 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077aad230 5 bytes JMP 0000000077c10210 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077aad2a0 5 bytes JMP 0000000077c10200 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077aad300 5 bytes JMP 0000000077c10420 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077aad310 5 bytes JMP 0000000077c10430 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077aad320 5 bytes JMP 0000000077c10220 .text C:\Windows\system32\wbem\wmiprvse.exe[4232] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077aad400 5 bytes JMP 0000000077c10280 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb99f7c5c Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb99f7c5c@e492fbbc8e5f 0x3C 0x9B 0xD7 0x5B ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb99f7c5c@f079597bfbf4 0xB6 0x66 0x31 0x5E ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb99f7c5c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb99f7c5c@e492fbbc8e5f 0x3C 0x9B 0xD7 0x5B ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb99f7c5c@f079597bfbf4 0xB6 0x66 0x31 0x5E ... ---- Files - GMER 2.2 ---- File C:\SysPart\Boot? 0 bytes ---- EOF - GMER 2.2 ----