GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-03-30 22:04:08
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.JE3Z 465,76GB
Running: jhnmqgsg.exe; Driver: C:\Users\KRZYSZ~1\AppData\Local\Temp\pxldapog.sys

---- User code sections - GMER 2.1 ----

.text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 000000014a320460 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 000000014a320450 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 000000014a320370 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 000000014a320470 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 000000014a3203e0 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 000000014a320320 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 000000014a3203b0 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 000000014a320390 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 000000014a3202e0 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 000000014a3202d0 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 000000014a320310 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 000000014a3203c0 .text C:\windows\system32\csrss.exe[456] 
C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 000000014a3203f0 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 000000014a320230 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 000000014a320480 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 000000014a3203a0 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 000000014a3202f0 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 000000014a320350 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 000000014a320290 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 000000014a3202b0 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 000000014a3203d0 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 000000014a320330 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 000000014a320410 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 000000014a320240 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 000000014a3201e0 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 000000014a320250 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 000000014a320490 .text 
C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 000000014a3204a0 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 000000014a320300 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 000000014a320360 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 000000014a3202a0 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 000000014a3202c0 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 000000014a320380 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 000000014a320340 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 000000014a320440 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 000000014a320260 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 000000014a320270 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 000000014a320400 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 000000014a3201f0 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 000000014a320210 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 000000014a320200 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes 
JMP 000000014a320420 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 000000014a320430 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 000000014a320220 .text C:\windows\system32\csrss.exe[456] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 000000014a320280 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 000000014a320460 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 000000014a320450 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 000000014a320370 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 000000014a320470 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 000000014a3203e0 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 000000014a320320 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 000000014a3203b0 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 000000014a320390 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 000000014a3202e0 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 000000014a3202d0 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 000000014a320310 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 
0000000077391790 5 bytes JMP 000000014a3203c0 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 000000014a3203f0 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 000000014a320230 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 000000014a320480 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 000000014a3203a0 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 000000014a3202f0 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 000000014a320350 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 000000014a320290 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 000000014a3202b0 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 000000014a3203d0 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 000000014a320330 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 000000014a320410 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 000000014a320240 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 000000014a3201e0 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 000000014a320250 .text C:\windows\system32\csrss.exe[560] 
C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 000000014a320490 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 000000014a3204a0 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 000000014a320300 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 000000014a320360 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 000000014a3202a0 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 000000014a3202c0 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 000000014a320380 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 000000014a320340 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 000000014a320440 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 000000014a320260 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 000000014a320270 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 000000014a320400 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 000000014a3201f0 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 000000014a320210 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 000000014a320200 .text 
C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 000000014a320420 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 000000014a320430 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 000000014a320220 .text C:\windows\system32\csrss.exe[560] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 000000014a320280 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 00000000774f0370 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000000774f03e0 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 00000000774f0320 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 00000000774f0390 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 
5 bytes JMP 00000000774f0310 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 00000000774f0230 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 00000000774f0480 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 00000000774f0350 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 00000000774f0290 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000000774f02b0 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000000774f03d0 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 00000000774f0410 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 00000000774f0240 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000000774f01e0 .text C:\windows\system32\wininit.exe[568] 
C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 00000000774f0490 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000000774f04a0 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 00000000774f0380 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 00000000774f0340 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 00000000774f0440 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 00000000774f0270 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 
00000000774f0210 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 00000000774f0200 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 00000000774f0220 .text C:\windows\system32\wininit.exe[568] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 00000000774f0370 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000000774f03e0 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 00000000774f0320 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 00000000774f0390 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\windows\system32\winlogon.exe[616] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 00000000774f0310 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 00000000774f0230 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 00000000774f0480 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 00000000774f0350 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 00000000774f0290 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000000774f02b0 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000000774f03d0 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 00000000774f0410 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 
5 bytes JMP 00000000774f0240 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000000774f01e0 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 00000000774f0490 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000000774f04a0 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 00000000774f0380 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 00000000774f0340 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 00000000774f0440 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 00000000774f0270 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400 .text C:\windows\system32\winlogon.exe[616] 
C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 00000000774f0210 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 00000000774f0200 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 00000000774f0220 .text C:\windows\system32\winlogon.exe[616] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 00000000774f0370 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000000774f03e0 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 00000000774f0320 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 
0000000077391670 5 bytes JMP 00000000774f0390 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 00000000774f0310 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 00000000774f0230 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 00000000774f0480 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 00000000774f0350 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 00000000774f0290 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000000774f02b0 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000000774f03d0 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text 
C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 00000000774f0410 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 00000000774f0240 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000000774f01e0 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 00000000774f0490 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000000774f04a0 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 00000000774f0380 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 00000000774f0340 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 00000000774f0440 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260 .text C:\windows\system32\services.exe[664] 
C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 00000000774f0270 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 00000000774f0210 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 00000000774f0200 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 00000000774f0220 .text C:\windows\system32\services.exe[664] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 00000000774f0370 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000000774f03e0 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 
00000000774f0320 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 00000000774f0390 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 00000000774f0310 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 00000000774f0230 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 00000000774f0480 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 00000000774f0350 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 00000000774f0290 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000000774f02b0 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 
0000000077391d30 5 bytes JMP 00000000774f03d0 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 00000000774f0410 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 00000000774f0240 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000000774f01e0 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 00000000774f0490 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000000774f04a0 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 00000000774f0380 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 00000000774f0340 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 00000000774f0440 .text C:\windows\system32\lsass.exe[672] 
C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 00000000774f0270 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 00000000774f0210 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 00000000774f0200 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 00000000774f0220 .text C:\windows\system32\lsass.exe[672] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 0000000100070460 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 0000000100070450 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 0000000100070370 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 0000000100070470 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000001000703e0 .text 
C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 0000000100070320 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000001000703b0 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 0000000100070390 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000001000702e0 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000001000702d0 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 0000000100070310 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000001000703c0 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000001000703f0 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 0000000100070230 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 0000000100070480 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000001000703a0 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000001000702f0 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 0000000100070350 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 0000000100070290 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000001000702b0 .text 
C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000001000703d0 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 0000000100070330 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 0000000100070410 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 0000000100070240 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000001000701e0 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 0000000100070250 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 0000000100070490 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000001000704a0 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 0000000100070300 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 0000000100070360 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000001000702a0 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000001000702c0 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 0000000100070380 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 0000000100070340 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 0000000100070440 .text 
C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 0000000100070260 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 0000000100070270 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 0000000100070400 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000001000701f0 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 0000000100070210 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 0000000100070200 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 0000000100070420 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 0000000100070430 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 0000000100070220 .text C:\windows\system32\lsm.exe[680] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 0000000100070280 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 0000000100070460 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 0000000100070450 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 0000000100070370 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 0000000100070470 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes 
JMP 00000001000703e0 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 0000000100070320 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000001000703b0 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 0000000100070390 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000001000702e0 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000001000702d0 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 0000000100070310 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000001000703c0 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000001000703f0 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 0000000100070230 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 0000000100070480 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000001000703a0 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000001000702f0 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 0000000100070350 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 0000000100070290 .text C:\windows\system32\svchost.exe[772] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000001000702b0 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000001000703d0 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 0000000100070330 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 0000000100070410 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 0000000100070240 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000001000701e0 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 0000000100070250 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 0000000100070490 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000001000704a0 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 0000000100070300 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 0000000100070360 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000001000702a0 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000001000702c0 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 0000000100070380 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 0000000100070340 
.text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 0000000100070440 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 0000000100070260 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 0000000100070270 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 0000000100070400 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000001000701f0 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 0000000100070210 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 0000000100070200 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 0000000100070420 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 0000000100070430 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 0000000100070220 .text C:\windows\system32\svchost.exe[772] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 0000000100070280 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 00000000774f0370 .text C:\windows\system32\svchost.exe[876] 
C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000000774f03e0 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 00000000774f0320 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 00000000774f0390 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 00000000774f0310 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 00000000774f0230 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 00000000774f0480 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes 
JMP 00000000774f0350 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 00000000774f0290 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000000774f02b0 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000000774f03d0 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 00000000774f0410 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 00000000774f0240 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000000774f01e0 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 00000000774f0490 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000000774f04a0 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text C:\windows\system32\svchost.exe[876] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 00000000774f0380 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 00000000774f0340 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 00000000774f0440 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 00000000774f0270 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 00000000774f0210 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 00000000774f0200 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 00000000774f0220 .text C:\windows\system32\svchost.exe[876] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 0000000100070460 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 
0000000100070450 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 0000000100070370 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 0000000100070470 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000001000703e0 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 0000000100070320 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000001000703b0 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 0000000100070390 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000001000702e0 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000001000702d0 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 0000000100070310 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000001000703c0 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000001000703f0 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 0000000100070230 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 0000000100070480 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000001000703a0 .text C:\windows\System32\svchost.exe[1012] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000001000702f0 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 0000000100070350 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 0000000100070290 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000001000702b0 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000001000703d0 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 0000000100070330 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 0000000100070410 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 0000000100070240 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000001000701e0 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 0000000100070250 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 0000000100070490 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000001000704a0 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 0000000100070300 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 0000000100070360 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 
bytes JMP 00000001000702a0 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000001000702c0 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 0000000100070380 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 0000000100070340 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 0000000100070440 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 0000000100070260 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 0000000100070270 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 0000000100070400 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000001000701f0 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 0000000100070210 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 0000000100070200 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 0000000100070420 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 0000000100070430 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 0000000100070220 .text C:\windows\System32\svchost.exe[1012] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 0000000100070280 .text C:\windows\System32\svchost.exe[368] 
C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 00000000774f0370 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000000774f03e0 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 00000000774f0320 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 00000000774f0390 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 00000000774f0310 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 00000000774f0230 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 
00000000774f0480 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 00000000774f0350 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 00000000774f0290 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000000774f02b0 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000000774f03d0 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 00000000774f0410 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 00000000774f0240 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000000774f01e0 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 00000000774f0490 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000000774f04a0 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\windows\System32\svchost.exe[368] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 00000000774f0380 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 00000000774f0340 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 00000000774f0440 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 00000000774f0270 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 00000000774f0210 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 00000000774f0200 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 
00000000774f0220 .text C:\windows\System32\svchost.exe[368] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 00000000774f0370 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000000774f03e0 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 00000000774f0320 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 00000000774f0390 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 00000000774f0310 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\windows\system32\svchost.exe[452] 
C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 00000000774f0230 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 00000000774f0480 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 00000000774f0350 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 00000000774f0290 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000000774f02b0 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000000774f03d0 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 00000000774f0410 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 00000000774f0240 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000000774f01e0 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 00000000774f0490 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 
5 bytes JMP 00000000774f04a0 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 00000000774f0380 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 00000000774f0340 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 00000000774f0440 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 00000000774f0270 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 00000000774f0210 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 00000000774f0200 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420 .text C:\windows\system32\svchost.exe[452] 
C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 00000000774f0220 .text C:\windows\system32\svchost.exe[452] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 00000000774f0370 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000000774f03e0 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 00000000774f0320 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 00000000774f0390 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 00000000774f0310 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 
.text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 00000000774f0230 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 00000000774f0480 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 00000000774f0350 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 00000000774f0290 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000000774f02b0 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000000774f03d0 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 00000000774f0410 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 00000000774f0240 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000000774f01e0 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\windows\system32\svchost.exe[564] 
C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 00000000774f0490 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000000774f04a0 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 00000000774f0380 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 00000000774f0340 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 00000000774f0440 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 00000000774f0270 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 00000000774f0210 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 
00000000774f0200 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 00000000774f0220 .text C:\windows\system32\svchost.exe[564] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 00000000774f0370 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000000774f03e0 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 00000000774f0320 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 00000000774f0390 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\windows\system32\svchost.exe[1132] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 00000000774f0310 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 00000000774f0230 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 00000000774f0480 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 00000000774f0350 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 00000000774f0290 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000000774f02b0 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000000774f03d0 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 00000000774f0410 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 00000000774f0240 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 
5 bytes JMP 00000000774f01e0 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 00000000774f0490 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000000774f04a0 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 00000000774f0380 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 00000000774f0340 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 00000000774f0440 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 00000000774f0270 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0 .text 
C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 00000000774f0210 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 00000000774f0200 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 00000000774f0220 .text C:\windows\system32\svchost.exe[1132] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 00000000774f0370 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000000774f03e0 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 00000000774f0320 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 00000000774f0390 .text C:\windows\system32\WLANExt.exe[1232] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 00000000774f0310 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 00000000774f0230 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 00000000774f0480 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 00000000774f0350 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 00000000774f0290 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000000774f02b0 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000000774f03d0 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 
bytes JMP 00000000774f0410 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 00000000774f0240 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000000774f01e0 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 00000000774f0490 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000000774f04a0 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 00000000774f0380 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 00000000774f0340 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 00000000774f0440 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 00000000774f0270 .text C:\windows\system32\WLANExt.exe[1232] 
C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 00000000774f0210 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 00000000774f0200 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 00000000774f0220 .text C:\windows\system32\WLANExt.exe[1232] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 00000000774f0370 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000000774f03e0 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 00000000774f0320 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 
0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 00000000774f0390 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 00000000774f0310 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 00000000774f0230 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 00000000774f0480 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 00000000774f0350 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 00000000774f0290 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000000774f02b0 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000000774f03d0 .text 
C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 00000000774f0410 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 00000000774f0240 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000000774f01e0 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 00000000774f0490 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000000774f04a0 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 00000000774f0380 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 00000000774f0340 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 00000000774f0440 .text C:\windows\system32\atieclxx.exe[1284] 
C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 00000000774f0270 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 00000000774f0210 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 00000000774f0200 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 00000000774f0220 .text C:\windows\system32\atieclxx.exe[1284] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 00000000774f0370 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 
bytes JMP 00000000774f03e0 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 00000000774f0320 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 00000000774f0390 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 00000000774f0310 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 00000000774f0230 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 00000000774f0480 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 00000000774f0350 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 00000000774f0290 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 
0000000077391d10 5 bytes JMP 00000000774f02b0 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000000774f03d0 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 00000000774f0410 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 00000000774f0240 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000000774f01e0 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 00000000774f0490 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000000774f04a0 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 00000000774f0380 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 00000000774f0340 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 
00000000773925c0 5 bytes JMP 00000000774f0440 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 00000000774f0270 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 00000000774f0210 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 00000000774f0200 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 00000000774f0220 .text C:\windows\system32\Dwm.exe[1576] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 00000000774f0370 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 
0000000077391570 5 bytes JMP 00000000774f03e0 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 00000000774f0320 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 00000000774f0390 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 00000000774f0310 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 00000000774f0230 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 00000000774f0480 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 00000000774f0350 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 00000000774f0290 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000000774f02b0 .text 
C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000000774f03d0 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 00000000774f0410 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 00000000774f0240 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000000774f01e0 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 00000000774f0490 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000000774f04a0 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 00000000774f0380 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 00000000774f0340 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 00000000774f0440 .text C:\windows\Explorer.EXE[1596] 
C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 00000000774f0270 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 00000000774f0210 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 00000000774f0200 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 00000000774f0220 .text C:\windows\Explorer.EXE[1596] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 0000000100070460 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 0000000100070450 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 0000000100070370 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 0000000100070470 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000001000703e0 .text 
C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 0000000100070320 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000001000703b0 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 0000000100070390 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000001000702e0 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000001000702d0 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 0000000100070310 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000001000703c0 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000001000703f0 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 0000000100070230 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 0000000100070480 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000001000703a0 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000001000702f0 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 0000000100070350 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 0000000100070290 .text C:\windows\System32\spoolsv.exe[1756] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000001000702b0 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000001000703d0 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 0000000100070330 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 0000000100070410 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 0000000100070240 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000001000701e0 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 0000000100070250 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 0000000100070490 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000001000704a0 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 0000000100070300 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 0000000100070360 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000001000702a0 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000001000702c0 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 0000000100070380 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 
0000000100070340 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 0000000100070440 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 0000000100070260 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 0000000100070270 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 0000000100070400 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000001000701f0 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 0000000100070210 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 0000000100070200 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 0000000100070420 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 0000000100070430 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 0000000100070220 .text C:\windows\System32\spoolsv.exe[1756] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 0000000100070280 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 00000000774f0370 .text C:\windows\system32\svchost.exe[1816] 
C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000000774f03e0 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 00000000774f0320 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 00000000774f0390 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 00000000774f0310 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 00000000774f0230 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 00000000774f0480 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 
0000000077391c20 5 bytes JMP 00000000774f0350 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 00000000774f0290 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000000774f02b0 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000000774f03d0 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 00000000774f0410 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 00000000774f0240 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000000774f01e0 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 00000000774f0490 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000000774f04a0 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text 
C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 00000000774f0380 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 00000000774f0340 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 00000000774f0440 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 00000000774f0270 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 00000000774f0210 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 00000000774f0200 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 00000000774f0220 .text C:\windows\system32\svchost.exe[1816] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\windows\system32\taskhost.exe[1856] 
C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 00000000774f0370 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000000774f03e0 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 00000000774f0320 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 00000000774f0390 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 00000000774f0310 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 00000000774f0230 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 00000000774f0480 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 
0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 00000000774f0350 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 00000000774f0290 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000000774f02b0 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000000774f03d0 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 00000000774f0410 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 00000000774f0240 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000000774f01e0 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 00000000774f0490 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000000774f04a0 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text 
C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 00000000774f0380 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 00000000774f0340 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 00000000774f0440 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 00000000774f0270 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 00000000774f0210 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 00000000774f0200 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430 .text C:\windows\system32\taskhost.exe[1856] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 00000000774f0220 .text C:\windows\system32\taskhost.exe[1856] 
C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 00000000774f0370 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000000774f03e0 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 00000000774f0320 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 00000000774f0390 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 00000000774f0310 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 00000000774f0230 .text 
C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 00000000774f0480 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 00000000774f0350 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 00000000774f0290 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000000774f02b0 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000000774f03d0 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 00000000774f0410 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 00000000774f0240 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000000774f01e0 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 00000000774f0490 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000000774f04a0 .text C:\Windows\System32\hkcmd.exe[1028] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 00000000774f0380 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 00000000774f0340 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 00000000774f0440 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 00000000774f0270 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 00000000774f0210 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 00000000774f0200 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430 .text 
C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 00000000774f0220 .text C:\Windows\System32\hkcmd.exe[1028] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 00000000774f0370 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000000774f03e0 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 00000000774f0320 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 00000000774f0390 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 00000000774f0310 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 .text C:\Windows\System32\igfxpers.exe[1124] 
C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 00000000774f0230 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 00000000774f0480 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 00000000774f0350 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 00000000774f0290 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000000774f02b0 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000000774f03d0 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 00000000774f0410 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 00000000774f0240 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000000774f01e0 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\Windows\System32\igfxpers.exe[1124] 
C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 00000000774f0490 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000000774f04a0 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 00000000774f0380 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 00000000774f0340 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 00000000774f0440 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 00000000774f0270 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 00000000774f0210 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 
0000000077392a20 5 bytes JMP 00000000774f0200 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 00000000774f0220 .text C:\Windows\System32\igfxpers.exe[1124] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 00000000774f0370 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000000774f03e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 00000000774f0320 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 00000000774f0390 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\Program 
Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 00000000774f0310 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 00000000774f0230 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 00000000774f0480 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 00000000774f0350 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 00000000774f0290 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000000774f02b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000000774f03d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text C:\Program 
Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 00000000774f0410 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 00000000774f0240 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000000774f01e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 00000000774f0490 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000000774f04a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 00000000774f0380 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 00000000774f0340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 00000000774f0440 .text C:\Program 
Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 00000000774f0270 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 00000000774f0210 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 00000000774f0200 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 00000000774f0220 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 
0000000077391510 5 bytes JMP 00000000774f0370 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000000774f03e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 00000000774f0320 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 00000000774f0390 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 00000000774f0310 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 00000000774f0230 .text C:\Program Files 
(x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 00000000774f0480 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 00000000774f0350 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 00000000774f0290 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000000774f02b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000000774f03d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 00000000774f0410 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 00000000774f0240 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000000774f01e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy 
Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 00000000774f0490 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000000774f04a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 00000000774f0380 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 00000000774f0340 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 00000000774f0440 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 
00000000773927d0 5 bytes JMP 00000000774f0270 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 00000000774f0210 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 00000000774f0200 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 00000000774f0220 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[1556] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 00000000774f0370 .text C:\Program Files (x86)\Lenovo\Energy 
Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000000774f03e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 00000000774f0320 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 00000000774f0390 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 00000000774f0310 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 00000000774f0230 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 00000000774f0480 .text C:\Program Files (x86)\Lenovo\Energy 
Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 00000000774f0350 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 00000000774f0290 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000000774f02b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000000774f03d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 00000000774f0410 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 00000000774f0240 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000000774f01e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 00000000774f0490 .text C:\Program Files (x86)\Lenovo\Energy 
Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000000774f04a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 00000000774f0380 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 00000000774f0340 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 00000000774f0440 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 00000000774f0270 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0 .text C:\Program Files (x86)\Lenovo\Energy 
Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 00000000774f0210 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 00000000774f0200 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 00000000774f0220 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[1672] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 00000000774f0370 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000000774f03e0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 00000000774f0320 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] 
C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 00000000774f0390 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 00000000774f0310 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 00000000774f0230 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 00000000774f0480 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 00000000774f0350 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 
00000000774f0290 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000000774f02b0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000000774f03d0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 00000000774f0410 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 00000000774f0240 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000000774f01e0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 00000000774f0490 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000000774f04a0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 00000000774f0380 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 00000000774f0340 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 00000000774f0440 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 00000000774f0270 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 00000000774f0210 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 00000000774f0200 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 
00000000774f0220 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2596] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000000021401 2 bytes JMP 767bb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2596] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000000021419 2 bytes JMP 767bb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2596] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000000021431 2 bytes JMP 76838ea9 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2596] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000000002144a 2 bytes CALL 767948ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2596] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000000214dd 2 bytes JMP 768387a2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2596] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000000214f5 2 bytes JMP 76838978 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2596] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000000002150d 2 bytes JMP 76838698 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2596] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000000021525 2 bytes JMP 76838a62 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2596] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000000002153d 2 bytes JMP 767afca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2596] 
C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000000021555 2 bytes JMP 767b68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2596] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000000002156d 2 bytes JMP 76838f61 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2596] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000000021585 2 bytes JMP 76838ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2596] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000000002159d 2 bytes JMP 7683865c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2596] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000000215b5 2 bytes JMP 767afd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2596] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000000215cd 2 bytes JMP 767bb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2596] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000000216b2 2 bytes JMP 76838e24 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[2596] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000000216bd 2 bytes JMP 768385f1 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2656] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076798791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] 
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2656] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 767bb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2656] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 767bb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2656] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76838ea9 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2656] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 767948ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2656] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 768387a2 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2656] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 76838978 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2656] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76838698 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2656] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 76838a62 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2656] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 767afca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2656] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes JMP 767b68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2656] 
C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 76838f61 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2656] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76838ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2656] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 7683865c C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2656] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 767afd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2656] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 767bb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2656] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76838e24 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2656] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 768385f1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 00000000774f0370 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text C:\Program Files (x86)\ATI 
Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000000774f03e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 00000000774f0320 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 00000000774f0390 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 00000000774f0310 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 00000000774f0230 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 00000000774f0480 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] 
C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 00000000774f0350 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 00000000774f0290 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000000774f02b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000000774f03d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 00000000774f0410 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 00000000774f0240 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000000774f01e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 
00000000774f0490 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000000774f04a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 00000000774f0380 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 00000000774f0340 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 00000000774f0440 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 00000000774f0270 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400 .text C:\Program Files (x86)\ATI 
Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 00000000774f0210 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 00000000774f0200 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 00000000774f0220 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2188] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280 .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\Updater.exe[3344] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000000021401 2 bytes JMP 767bb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\Updater.exe[3344] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000000021419 2 bytes JMP 767bb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\Updater.exe[3344] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000000021431 2 bytes JMP 76838ea9 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\Updater.exe[3344] 
C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000000002144a 2 bytes CALL 767948ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\Updater.exe[3344] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000000214dd 2 bytes JMP 768387a2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\Updater.exe[3344] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000000214f5 2 bytes JMP 76838978 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\Updater.exe[3344] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000000002150d 2 bytes JMP 76838698 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\Updater.exe[3344] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000000021525 2 bytes JMP 76838a62 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\Updater.exe[3344] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000000002153d 2 bytes JMP 767afca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\Updater.exe[3344] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000000021555 2 bytes JMP 767b68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\Updater.exe[3344] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000000002156d 2 bytes JMP 76838f61 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\Updater.exe[3344] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000000021585 2 bytes JMP 76838ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common 
Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\Updater.exe[3344] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000000002159d 2 bytes JMP 7683865c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\Updater.exe[3344] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000000215b5 2 bytes JMP 767afd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\Updater.exe[3344] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000000215cd 2 bytes JMP 767bb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\Updater.exe[3344] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000000216b2 2 bytes JMP 76838e24 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\Updater.exe[3344] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000000216bd 2 bytes JMP 768385f1 C:\windows\syswow64\kernel32.dll .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 00000000774f0370 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000000774f03e0 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 00000000774f0320 .text C:\windows\system32\wbem\wmiprvse.exe[3664] 
C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 00000000774f0390 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 00000000774f0310 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 00000000774f0230 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 00000000774f0480 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 00000000774f0350 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 00000000774f0290 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000000774f02b0 .text 
C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000000774f03d0 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 00000000774f0410 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 00000000774f0240 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000000774f01e0 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 00000000774f0490 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000000774f04a0 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 00000000774f0380 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 00000000774f0340 .text 
C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 00000000774f0440 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 00000000774f0270 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 00000000774f0210 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 00000000774f0200 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 00000000774f0220 .text C:\windows\system32\wbem\wmiprvse.exe[3664] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 
00000000774f0370 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000000774f03e0 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 00000000774f0320 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 00000000774f0390 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 00000000774f0310 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 00000000774f0230 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 00000000774f0480 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 
0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 00000000774f0350 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 00000000774f0290 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000000774f02b0 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000000774f03d0 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 00000000774f0410 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 00000000774f0240 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000000774f01e0 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 00000000774f0490 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000000774f04a0 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text C:\windows\system32\SearchIndexer.exe[1480] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 00000000774f0380 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 00000000774f0340 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 00000000774f0440 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 00000000774f0270 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 00000000774f0210 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 00000000774f0200 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430 .text C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 00000000774f0220 .text 
C:\windows\system32\SearchIndexer.exe[1480] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280 .text C:\windows\SysWOW64\RunDll32.exe[2040] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000000171401 2 bytes JMP 767bb21b C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2040] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000000171419 2 bytes JMP 767bb346 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2040] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000000171431 2 bytes JMP 76838ea9 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2040] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000000017144a 2 bytes CALL 767948ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\windows\SysWOW64\RunDll32.exe[2040] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000001714dd 2 bytes JMP 768387a2 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2040] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000001714f5 2 bytes JMP 76838978 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2040] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000000017150d 2 bytes JMP 76838698 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2040] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000000171525 2 bytes JMP 76838a62 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2040] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000000017153d 2 bytes JMP 767afca8 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2040] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000000171555 2 bytes JMP 767b68ef C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2040] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000000017156d 2 bytes JMP 76838f61 
C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2040] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000000171585 2 bytes JMP 76838ac2 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2040] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000000017159d 2 bytes JMP 7683865c C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2040] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000001715b5 2 bytes JMP 767afd41 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2040] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000001715cd 2 bytes JMP 767bb2dc C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2040] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000001716b2 2 bytes JMP 76838e24 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[2040] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000001716bd 2 bytes JMP 768385f1 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 00000000774f0370 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000000774f03e0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 00000000774f0320 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 00000000774f0390 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 00000000774f0310 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 00000000774f0230 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 00000000774f0480 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\Program Files\Lenovo\Bluetooth 
Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 00000000774f0350 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 00000000774f0290 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000000774f02b0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000000774f03d0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 00000000774f0410 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 00000000774f0240 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000000774f01e0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 00000000774f0490 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000000774f04a0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\Program 
Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 00000000774f0380 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 00000000774f0340 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 00000000774f0440 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 00000000774f0270 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 00000000774f0210 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 00000000774f0200 .text C:\Program 
Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 00000000774f0220 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4308] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280 .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5060] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 767bb21b C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5060] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 767bb346 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5060] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76838ea9 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5060] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 767948ad C:\windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5060] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 768387a2 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5060] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 76838978 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5060] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76838698 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5060] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 76838a62 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5060] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 767afca8 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5060] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes JMP 767b68ef C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5060] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 76838f61 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5060] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76838ac2 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5060] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 7683865c C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5060] 
C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 767afd41 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5060] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 767bb2dc C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5060] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76838e24 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugincontainer.exe[5060] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 768385f1 C:\windows\syswow64\kernel32.dll .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 0000000100070460 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 0000000100070450 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 0000000100070370 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 0000000100070470 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000001000703e0 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 0000000100070320 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000001000703b0 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 0000000100070390 .text C:\windows\system32\wbem\unsecapp.exe[3600] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000001000702e0 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000001000702d0 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 0000000100070310 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000001000703c0 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000001000703f0 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 0000000100070230 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 0000000100070480 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000001000703a0 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000001000702f0 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 0000000100070350 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 0000000100070290 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000001000702b0 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000001000703d0 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 0000000100070330 .text 
C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 0000000100070410 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 0000000100070240 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000001000701e0 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 0000000100070250 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 0000000100070490 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000001000704a0 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 0000000100070300 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 0000000100070360 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000001000702a0 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000001000702c0 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 0000000100070380 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 0000000100070340 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 0000000100070440 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 
0000000100070260 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 0000000100070270 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 0000000100070400 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000001000701f0 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 0000000100070210 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 0000000100070200 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 0000000100070420 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 0000000100070430 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 0000000100070220 .text C:\windows\system32\wbem\unsecapp.exe[3600] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 0000000100070280 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 00000000774f0370 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 
00000000774f03e0 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 00000000774f0320 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 00000000774f0390 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 00000000774f0310 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 00000000774f0230 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 00000000774f0480 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 00000000774f0350 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 00000000774f0290 .text C:\windows\system32\svchost.exe[5024] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000000774f02b0 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000000774f03d0 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 00000000774f0410 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 00000000774f0240 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000000774f01e0 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 00000000774f0490 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000000774f04a0 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 00000000774f0380 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 
00000000774f0340 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 00000000774f0440 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 00000000774f0270 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 00000000774f0210 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 00000000774f0200 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 00000000774f0220 .text C:\windows\system32\svchost.exe[5024] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 00000000774f0370 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000000774f03e0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 00000000774f0320 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 00000000774f0390 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 00000000774f0310 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 
0000000077391940 5 bytes JMP 00000000774f0230 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 00000000774f0480 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 00000000774f0350 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 00000000774f0290 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000000774f02b0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000000774f03d0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 00000000774f0410 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 00000000774f0240 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 
00000000774f01e0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 00000000774f0490 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000000774f04a0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 00000000774f0380 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 00000000774f0340 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 00000000774f0440 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260 .text 
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 00000000774f0270 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 00000000774f0210 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 00000000774f0200 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 00000000774f0220 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4996] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280 .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5096] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 767bb21b C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5096] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 767bb346 
C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5096] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76838ea9 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5096] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 767948ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5096] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 768387a2 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5096] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 76838978 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5096] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76838698 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5096] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 76838a62 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5096] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 767afca8 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5096] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes JMP 767b68ef C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5096] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 76838f61 C:\windows\syswow64\kernel32.dll .text 
C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5096] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76838ac2 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5096] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 7683865c C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5096] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 767afd41 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5096] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 767bb2dc C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5096] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76838e24 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5096] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 768385f1 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5040] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 767bb21b C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5040] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 767bb346 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5040] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76838ea9 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5040] 
C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 767948ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5040] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 768387a2 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5040] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 76838978 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5040] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76838698 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5040] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 76838a62 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5040] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 767afca8 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5040] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes JMP 767b68ef C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5040] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 76838f61 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5040] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76838ac2 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5040] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 
7683865c C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5040] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 767afd41 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5040] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 767bb2dc C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5040] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76838e24 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e\plugins\3\plugin.exe[5040] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 768385f1 C:\windows\syswow64\kernel32.dll .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 00000000774f0370 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000000774f03e0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 00000000774f0320 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 
00000000774f0390 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 00000000774f0310 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 00000000774f0230 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 00000000774f0480 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 00000000774f0350 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 00000000774f0290 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000000774f02b0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000000774f03d0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text C:\windows\System32\svchost.exe[3908] 
C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 00000000774f0410 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 00000000774f0240 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000000774f01e0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 00000000774f0490 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000000774f04a0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 00000000774f0380 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 00000000774f0340 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 00000000774f0440 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 
00000000774f0270 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 00000000774f0210 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 00000000774f0200 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 00000000774f0220 .text C:\windows\System32\svchost.exe[3908] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 0000000100070460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 0000000100070450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 0000000100070370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 0000000100070470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes 
JMP 00000001000703e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 0000000100070320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000001000703b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 0000000100070390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000001000702d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 0000000100070310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000001000703c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 0000000100070230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 0000000100070480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000001000703a0 .text C:\Program 
Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 0000000100070350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 0000000100070290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 0000000100070330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 0000000100070410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 0000000100070240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 0000000100070250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 0000000100070490 .text C:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000001000702a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000001000702c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 0000000100070440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 0000000100070260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 0000000100070270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 0000000100070400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] 
C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 0000000100070210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 0000000100070200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 0000000100070420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 0000000100070430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5172] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 0000000100070280 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 00000000774f0370 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000000774f03e0 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 00000000774f0320 .text 
C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 00000000774f0390 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 00000000774f0310 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 00000000774f0230 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 00000000774f0480 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 00000000774f0350 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 00000000774f0290 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000000774f02b0 .text C:\windows\system32\AUDIODG.EXE[5276] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000000774f03d0 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 00000000774f0410 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 00000000774f0240 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000000774f01e0 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 00000000774f0490 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000000774f04a0 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 00000000774f0380 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 00000000774f0340 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 
00000000774f0440 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 00000000774f0270 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 00000000774f0210 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 00000000774f0200 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 00000000774f0220 .text C:\windows\system32\AUDIODG.EXE[5276] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077391360 5 bytes JMP 00000000774f0460 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773913b0 5 bytes JMP 00000000774f0450 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077391510 5 bytes JMP 00000000774f0370 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077391560 5 bytes JMP 00000000774f0470 .text 
C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077391570 5 bytes JMP 00000000774f03e0 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077391620 5 bytes JMP 00000000774f0320 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077391650 5 bytes JMP 00000000774f03b0 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077391670 5 bytes JMP 00000000774f0390 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773916b0 5 bytes JMP 00000000774f02e0 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077391730 5 bytes JMP 00000000774f02d0 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077391750 5 bytes JMP 00000000774f0310 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077391790 5 bytes JMP 00000000774f03c0 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773917e0 5 bytes JMP 00000000774f03f0 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077391940 5 bytes JMP 00000000774f0230 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077391b00 5 bytes JMP 00000000774f0480 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077391b30 5 bytes JMP 00000000774f03a0 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077391c10 5 bytes JMP 00000000774f02f0 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077391c20 5 bytes JMP 00000000774f0350 .text C:\windows\system32\taskeng.exe[4988] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077391c80 5 bytes JMP 00000000774f0290 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077391d10 5 bytes JMP 00000000774f02b0 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077391d30 5 bytes JMP 00000000774f03d0 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077391d40 5 bytes JMP 00000000774f0330 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077391db0 5 bytes JMP 00000000774f0410 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077391de0 5 bytes JMP 00000000774f0240 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773920a0 5 bytes JMP 00000000774f01e0 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077392160 5 bytes JMP 00000000774f0250 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077392190 5 bytes JMP 00000000774f0490 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773921a0 5 bytes JMP 00000000774f04a0 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773921d0 5 bytes JMP 00000000774f0300 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773921e0 5 bytes JMP 00000000774f0360 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077392240 5 bytes JMP 00000000774f02a0 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077392290 5 bytes JMP 00000000774f02c0 .text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773922c0 5 bytes JMP 
00000000774f0380
.text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773922d0 5 bytes JMP 00000000774f0340
.text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773925c0 5 bytes JMP 00000000774f0440
.text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773927c0 5 bytes JMP 00000000774f0260
.text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773927d0 5 bytes JMP 00000000774f0270
.text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773927e0 5 bytes JMP 00000000774f0400
.text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773929a0 5 bytes JMP 00000000774f01f0
.text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773929b0 5 bytes JMP 00000000774f0210
.text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077392a20 5 bytes JMP 00000000774f0200
.text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077392a80 5 bytes JMP 00000000774f0420
.text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077392a90 5 bytes JMP 00000000774f0430
.text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077392aa0 5 bytes JMP 00000000774f0220
.text C:\windows\system32\taskeng.exe[4988] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077392b80 5 bytes JMP 00000000774f0280
---- Processes - GMER 2.1 ----
Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\windows\Explorer.EXE [1596] (GG drive overlay/GG Network S.A.)(2014-12-19 01:35:11) 000000005c080000
Library C:\Users\krzysztof\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\windows\Explorer.EXE [1596] (GG drive menu/GG Network S.A.)(2014-12-19 01:35:32) 000000005ff80000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819eb823f
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819eb823f (not active ControlSet)
---- EOF - GMER 2.1 ----