GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-01-09 16:53:03 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545050B9A300 rev.PB4OCA1G 465,76GB Running: y8glrwze.exe; Driver: C:\Users\ADMIN\AppData\Local\Temp\uwddakob.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\System32\win32k.sys!EngSetLastError + 624 fffff96000164ab4 8 bytes [C8, 15, C7, 03, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000193d00 7 bytes [80, A6, F3, FF, 01, B0, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000193d08 3 bytes [C0, 06, 02] .text ... * 115 .text C:\Windows\System32\win32k.sys!EngGetProcessHandle + 424 fffff96000252680 6 bytes {JMP QWORD [RIP-0xb334e]} ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 000000014a580460 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 000000014a580450 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 000000014a580370 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 000000014a580470 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 000000014a5803e0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 000000014a580320 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 000000014a5803b0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 000000014a580390 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 000000014a5802e0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 000000014a5802d0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 000000014a580310 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 000000014a5803c0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 000000014a5803f0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 000000014a580230 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 000000014a580480 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 000000014a5803a0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 000000014a5802f0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 000000014a580350 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 000000014a580290 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 000000014a5802b0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 000000014a5803d0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 000000014a580330 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 000000014a580410 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 000000014a580240 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 000000014a5801e0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 000000014a580250 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 000000014a580490 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 000000014a5804a0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 000000014a580300 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 000000014a580360 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 000000014a5802a0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 000000014a5802c0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 000000014a580380 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 000000014a580340 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 000000014a580440 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 000000014a580260 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 000000014a580270 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 000000014a580400 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 000000014a5801f0 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 000000014a580210 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 000000014a580200 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 000000014a580420 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 000000014a580430 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 000000014a580220 .text C:\Windows\system32\csrss.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 000000014a580280 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Windows\system32\wininit.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 000000014a580460 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 000000014a580450 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 000000014a580370 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 000000014a580470 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 000000014a5803e0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 000000014a580320 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 000000014a5803b0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 000000014a580390 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 000000014a5802e0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 000000014a5802d0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 000000014a580310 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 000000014a5803c0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 000000014a5803f0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 000000014a580230 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 000000014a580480 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 000000014a5803a0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 000000014a5802f0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 000000014a580350 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 000000014a580290 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 000000014a5802b0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 000000014a5803d0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 000000014a580330 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 000000014a580410 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 000000014a580240 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 000000014a5801e0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 000000014a580250 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 000000014a580490 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 000000014a5804a0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 000000014a580300 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 000000014a580360 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 000000014a5802a0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 000000014a5802c0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 000000014a580380 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 000000014a580340 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 000000014a580440 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 000000014a580260 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 000000014a580270 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 000000014a580400 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 000000014a5801f0 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 000000014a580210 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 000000014a580200 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 000000014a580420 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 000000014a580430 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 000000014a580220 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 000000014a580280 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Windows\system32\lsm.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Windows\system32\nvvsvc.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Windows\system32\svchost.exe[872] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Windows\system32\svchost.exe[324] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Windows\system32\svchost.exe[500] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Windows\system32\nvvsvc.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000100070460 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000100070370 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000100070470 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000100070320 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000100070390 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000100070310 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000100070230 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000100070350 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000100070290 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000100070330 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000100070250 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000100070490 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\spoolsv.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Program Files\Bonjour\mDNSResponder.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Windows\system32\taskeng.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Windows\system32\taskhost.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Windows\system32\Dwm.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Windows\system32\svchost.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Windows\Explorer.EXE[2484] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000757a1465 2 bytes [7A, 75] .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[1644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757a14bb 2 bytes [7A, 75] .text ... * 2 ? C:\Windows\system32\mssprxy.dll [1644] entry point in ".rdata" section 00000000722f71e6 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[2876] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000100070280 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Program Files\AVAST Software\Avast\avastui.exe[4024] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 000000007533d03c 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000757a1465 2 bytes [7A, 75] .text C:\Program Files\AVAST Software\Avast\avastui.exe[4024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757a14bb 2 bytes [7A, 75] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Windows\system32\SearchIndexer.exe[3544] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3100] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Program Files\iPod\bin\iPodService.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Windows\system32\wbem\unsecapp.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000077a50460 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000077a50450 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000077a50370 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000077a50470 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 0000000077a503e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000077a50320 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 0000000077a503b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000077a50390 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 0000000077a502e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 0000000077a502d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000077a50310 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 0000000077a503c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 0000000077a503f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000077a50230 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000077a50480 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 0000000077a503a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 0000000077a502f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000077a50350 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000077a50290 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 0000000077a502b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 0000000077a503d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000077a50330 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000077a50410 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000077a50240 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 0000000077a501e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000077a50250 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000077a50490 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 0000000077a504a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000077a50300 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000077a50360 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 0000000077a502a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 0000000077a502c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000077a50380 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000077a50340 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000077a50440 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000077a50260 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000077a50270 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000077a50400 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 0000000077a501f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000077a50210 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000077a50200 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000077a50420 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000077a50430 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000077a50220 .text C:\Windows\system32\wbem\wmiprvse.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000077a50280 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778ef760 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000778ef7b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000778ef910 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ef960 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ef970 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778efa20 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778efa50 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000778efa70 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000778efab0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778efb30 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778efb50 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778efb90 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778efbe0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000778efd40 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778eff00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000778eff30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778f0010 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000778f0020 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778f0080 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778f0110 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778f0130 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000778f0140 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000778f01b0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000778f01e0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778f04a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000778f0560 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000778f0590 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000778f05a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000778f05d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000778f05e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000778f0640 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000778f0690 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000778f06c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000778f06d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000778f09c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000778f0bc0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000778f0bd0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778f0be0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778f0da0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000778f0db0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778f0e20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000778f0e80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000778f0e90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778f0ea0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000778f0f80 5 bytes JMP 0000000100070280 ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [4408:108] 000007fef5389688 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076bf5494 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076bf5494@d45d428c507b 0x56 0x0E 0xB5 0xAC ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076bf5494 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076bf5494@d45d428c507b 0x56 0x0E 0xB5 0xAC ... Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\ADMIN\Downloads\AdwCleaner\x00a04.106.exe 1 ---- EOF - GMER 2.1 ----