ivegotnoclue | 02.10.2013 13:10 | GMER - Teil 2 Code:
.text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text C:\Windows\system32\svchost.exe[472] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text C:\Windows\system32\svchost.exe[472] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text C:\Windows\system32\svchost.exe[472] C:\Windows\system32\kernel32.dll!CreateProcessA 00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text C:\Windows\system32\svchost.exe[472] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefe269055 3 bytes CALL 0
.text C:\Windows\system32\svchost.exe[472] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefe2753c0 5 bytes JMP 0
.text C:\Windows\system32\svchost.exe[472] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x13dd64]}
.text C:\Windows\system32\svchost.exe[472] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text C:\Windows\system32\svchost.exe[472] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text C:\Windows\system32\svchost.exe[472] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe2d8398 6 bytes JMP 0
.text C:\Windows\system32\svchost.exe[472] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe2d89c8 6 bytes JMP 0
.text C:\Windows\system32\svchost.exe[472] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe2d9344 6 bytes JMP 0
.text C:\Windows\system32\svchost.exe[472] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x324648]}
.text C:\Windows\system32\svchost.exe[472] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x2fac20]}
.text C:\Windows\system32\svchost.exe[472] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007feffb2a1a0 6 bytes JMP 0
.text C:\Windows\system32\svchost.exe[472] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007feffb4fa50 6 bytes JMP 0
.text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text C:\Windows\System32\svchost.exe[736] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text C:\Windows\System32\svchost.exe[736] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text C:\Windows\System32\svchost.exe[736] C:\Windows\system32\kernel32.dll!CreateProcessA 00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text C:\Windows\System32\svchost.exe[736] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefe269055 3 bytes [B5, 6F, 0D]
.text C:\Windows\System32\svchost.exe[736] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text C:\Windows\System32\svchost.exe[736] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe2d22cc 6 bytes JMP 5000000
.text C:\Windows\System32\svchost.exe[736] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text C:\Windows\System32\svchost.exe[736] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text C:\Windows\System32\svchost.exe[736] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text C:\Windows\System32\svchost.exe[736] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text C:\Windows\System32\svchost.exe[736] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text C:\Windows\System32\svchost.exe[736] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe2db9e8 6 bytes JMP 0
.text C:\Windows\System32\svchost.exe[736] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe2e5410 6 bytes JMP 0
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ac3b10 6 bytes JMP 8ec0
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077af13a0 6 bytes JMP 7f04f11
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077af1570 6 bytes JMP 647701
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077af15e0 6 bytes JMP 8706491
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077af1620 6 bytes JMP 40004
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077af16c0 6 bytes JMP 7c501
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077af1750 6 bytes JMP 0
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077af1790 6 bytes JMP 0
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077af17e0 6 bytes JMP 0
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077af1800 6 bytes JMP 87937d9
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077af19f0 6 bytes JMP 87055b9
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077af1b00 6 bytes JMP 0
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077af1bd0 6 bytes JMP 0
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077af1d20 6 bytes JMP 0
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077af1d30 6 bytes JMP 0
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077af20a0 6 bytes JMP 0
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077af2130 6 bytes JMP 0
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077af29a0 6 bytes JMP 8840099
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077af2a20 6 bytes JMP 63501
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077af2aa0 6 bytes JMP 85201
.text C:\Windows\System32\svchost.exe[672] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 000000007782a420 6 bytes JMP 8d967f0
.text C:\Windows\System32\svchost.exe[672] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077841b50 6 bytes JMP 4
.text C:\Windows\System32\svchost.exe[672] C:\Windows\system32\kernel32.dll!CreateProcessA 00000000778b8810 6 bytes JMP 8e01c80
.text C:\Windows\System32\svchost.exe[672] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefe269055 3 bytes [B5, 6F, 0D]
.text C:\Windows\System32\svchost.exe[672] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text C:\Windows\System32\svchost.exe[672] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe2d22cc 6 bytes JMP 0
.text C:\Windows\System32\svchost.exe[672] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text C:\Windows\System32\svchost.exe[672] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text C:\Windows\System32\svchost.exe[672] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe2d8398 6 bytes JMP aba7
.text C:\Windows\System32\svchost.exe[672] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text C:\Windows\System32\svchost.exe[672] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text C:\Windows\System32\svchost.exe[672] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x324648]}
.text C:\Windows\System32\svchost.exe[672] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe2e5410 6 bytes JMP 0
.text C:\Windows\System32\svchost.exe[672] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007feffb2a1a0 6 bytes JMP 6f25
.text C:\Windows\System32\svchost.exe[672] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007feffb4fa50 6 bytes JMP cfc
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\kernel32.dll!CreateProcessA 00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefe269055 3 bytes [B5, 6F, 0D]
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x13dd64]}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe2d24c0 6 bytes JMP 158500
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x324648]}
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x2fac20]}
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077841b50 6 bytes JMP 18000
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!CreateProcessA 00000000778b8810 6 bytes JMP 87c8a20
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefe269055 3 bytes [B5, 6F, 0D]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007feff9f4750 6 bytes JMP 0
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x13dd64]}
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe2db9e8 6 bytes JMP 0
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe2e5410 6 bytes JMP 0
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007feffb2a1a0 6 bytes {JMP QWORD [RIP+0xf5e90]}
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007feffb4fa50 6 bytes {JMP QWORD [RIP+0xf05e0]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\kernel32.dll!CreateProcessA 00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefe269055 3 bytes [B5, 6F, 0D]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x13dd64]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe2d89c8 6 bytes JMP 33
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe2db9e8 6 bytes JMP 0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x2fac20]}
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\kernel32.dll!CreateProcessA 00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefe269055 3 bytes CALL 0
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefe2753c0 5 bytes JMP 0
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe2d22cc 6 bytes JMP 0
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe2d24c0 6 bytes JMP 15dbc0
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe2d8398 6 bytes JMP 0
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe2d89c8 6 bytes JMP 30302420
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe2d9344 6 bytes JMP 0
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x824648]}
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x7fac20]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\kernel32.dll!CreateProcessA 00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefe269055 3 bytes [B5, 6F, 0D]
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007feff9f4750 6 bytes {JMP QWORD [RIP+0x26b8e0]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x13dd64]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x324648]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x2fac20]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007feffb2a1a0 6 bytes {JMP QWORD [RIP+0xf5e90]}
.text C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007feffb4fa50 6 bytes JMP 0
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\system32\kernel32.dll!CreateProcessA 00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefe269055 3 bytes [B5, 6F, 12]
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefe2753c0 5 bytes [FF, 25, 70, AC, 16]
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x18dd64]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x81db70]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x83a450]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe2d8398 6 bytes {JMP QWORD [RIP+0x147c98]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0x127668]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x166cec]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x874648]}
.text C:\Windows\System32\spoolsv.exe[1604] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x84ac20]}
.text C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe[1744] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe[1744] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe[1744] C:\Windows\system32\kernel32.dll!CreateProcessA 00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe[1744] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefe269055 3 bytes [B5, 6F, 0D]
.text C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe[1744] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe[1744] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x13dd64]}
.text C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe[1744] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe[1744] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe[1744] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe[1744] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe[1744] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe[1744] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x324648]}
.text C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe[1744] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x2fac20]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\system32\kernel32.dll!CreateProcessA 00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefe269055 3 bytes [B5, 6F, 12]
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefe2753c0 5 bytes [FF, 25, 70, AC, 16]
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x18dd64]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x81db70]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x83a450]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe2d8398 6 bytes {JMP QWORD [RIP+0x147c98]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0x127668]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x166cec]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x874648]}
.text C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x84ac20]}
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]} |