GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-07-07 23:02:58 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.PC3Z 298,09GB Running: hx2q2bqq.exe; Driver: C:\Users\Daglezja\AppData\Local\Temp\fgryqpow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c8dc60 5 bytes JMP 000000014a3b0460 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c8dcb0 5 bytes JMP 000000014a3b0450 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c8de10 5 bytes JMP 000000014a3b0370 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c8de60 5 bytes JMP 000000014a3b0470 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c8de70 5 bytes JMP 000000014a3b03e0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c8df20 5 bytes JMP 000000014a3b0320 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c8df50 5 bytes JMP 000000014a3b03b0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c8df70 5 bytes JMP 000000014a3b0390 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c8dfb0 5 bytes JMP 000000014a3b02e0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c8e030 5 bytes JMP 000000014a3b02d0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c8e050 5 bytes JMP 000000014a3b0310 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c8e090 5 bytes JMP 000000014a3b03c0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c8e0e0 5 bytes JMP 000000014a3b03f0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c8e240 5 bytes JMP 000000014a3b0230 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c8e400 5 bytes JMP 000000014a3b0480 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c8e430 5 bytes JMP 000000014a3b03a0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c8e510 5 bytes JMP 000000014a3b02f0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c8e520 5 bytes JMP 000000014a3b0350 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c8e580 5 bytes JMP 000000014a3b0290 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c8e610 5 bytes JMP 000000014a3b02b0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c8e630 5 bytes JMP 000000014a3b03d0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c8e640 5 bytes JMP 000000014a3b0330 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c8e6b0 5 bytes JMP 000000014a3b0410 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c8e6e0 5 bytes JMP 000000014a3b0240 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c8e9a0 5 bytes JMP 000000014a3b01e0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c8ea60 5 bytes JMP 000000014a3b0250 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c8ea90 5 bytes JMP 000000014a3b0490 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c8eaa0 5 bytes JMP 000000014a3b04a0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c8ead0 5 bytes JMP 000000014a3b0300 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c8eae0 5 bytes JMP 000000014a3b0360 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c8eb40 5 bytes JMP 000000014a3b02a0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c8eb90 5 bytes JMP 000000014a3b02c0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c8ebc0 5 bytes JMP 000000014a3b0380 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c8ebd0 5 bytes JMP 000000014a3b0340 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c8eec0 5 bytes JMP 000000014a3b0440 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c8f0c0 5 bytes JMP 000000014a3b0260 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c8f0d0 5 bytes JMP 000000014a3b0270 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c8f0e0 5 bytes JMP 000000014a3b0400 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c8f2a0 5 bytes JMP 000000014a3b01f0 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c8f2b0 5 bytes JMP 000000014a3b0210 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c8f320 5 bytes JMP 000000014a3b0200 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c8f380 5 bytes JMP 000000014a3b0420 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c8f390 5 bytes JMP 000000014a3b0430 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c8f3a0 5 bytes JMP 000000014a3b0220 .text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c8f480 5 bytes JMP 000000014a3b0280 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c8dc60 5 bytes JMP 0000000077df0460 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c8dcb0 5 bytes JMP 0000000077df0450 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c8de10 5 bytes JMP 0000000077df0370 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c8de60 5 bytes JMP 0000000077df0470 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c8de70 5 bytes JMP 0000000077df03e0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c8df20 5 bytes JMP 0000000077df0320 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c8df50 5 bytes JMP 0000000077df03b0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c8df70 5 bytes JMP 0000000077df0390 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c8dfb0 5 bytes JMP 0000000077df02e0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c8e030 5 bytes JMP 0000000077df02d0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c8e050 5 bytes JMP 0000000077df0310 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c8e090 5 bytes JMP 0000000077df03c0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c8e0e0 5 bytes JMP 0000000077df03f0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c8e240 5 bytes JMP 0000000077df0230 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c8e400 5 bytes JMP 0000000077df0480 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c8e430 5 bytes JMP 0000000077df03a0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c8e510 5 bytes JMP 0000000077df02f0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c8e520 5 bytes JMP 0000000077df0350 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c8e580 5 bytes JMP 0000000077df0290 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c8e610 5 bytes JMP 0000000077df02b0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c8e630 5 bytes JMP 0000000077df03d0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c8e640 5 bytes JMP 0000000077df0330 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c8e6b0 5 bytes JMP 0000000077df0410 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c8e6e0 5 bytes JMP 0000000077df0240 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c8e9a0 5 bytes JMP 0000000077df01e0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c8ea60 5 bytes JMP 0000000077df0250 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c8ea90 5 bytes JMP 0000000077df0490 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c8eaa0 5 bytes JMP 0000000077df04a0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c8ead0 5 bytes JMP 0000000077df0300 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c8eae0 5 bytes JMP 0000000077df0360 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c8eb40 5 bytes JMP 0000000077df02a0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c8eb90 5 bytes JMP 0000000077df02c0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c8ebc0 5 bytes JMP 0000000077df0380 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c8ebd0 5 bytes JMP 0000000077df0340 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c8eec0 5 bytes JMP 0000000077df0440 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c8f0c0 5 bytes JMP 0000000077df0260 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c8f0d0 5 bytes JMP 0000000077df0270 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c8f0e0 5 bytes JMP 0000000077df0400 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c8f2a0 5 bytes JMP 0000000077df01f0 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c8f2b0 5 bytes JMP 0000000077df0210 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c8f320 5 bytes JMP 0000000077df0200 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c8f380 5 bytes JMP 0000000077df0420 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c8f390 5 bytes JMP 0000000077df0430 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c8f3a0 5 bytes JMP 0000000077df0220 .text C:\Windows\system32\services.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c8f480 5 bytes JMP 0000000077df0280 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c8dc60 5 bytes JMP 0000000077df0460 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c8dcb0 5 bytes JMP 0000000077df0450 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c8de10 5 bytes JMP 0000000077df0370 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c8de60 5 bytes JMP 0000000077df0470 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c8de70 5 bytes JMP 0000000077df03e0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c8df20 5 bytes JMP 0000000077df0320 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c8df50 5 bytes JMP 0000000077df03b0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c8df70 5 bytes JMP 0000000077df0390 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c8dfb0 5 bytes JMP 0000000077df02e0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c8e030 5 bytes JMP 0000000077df02d0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c8e050 5 bytes JMP 0000000077df0310 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c8e090 5 bytes JMP 0000000077df03c0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c8e0e0 5 bytes JMP 0000000077df03f0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c8e240 5 bytes JMP 0000000077df0230 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c8e400 5 bytes JMP 0000000077df0480 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c8e430 5 bytes JMP 0000000077df03a0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c8e510 5 bytes JMP 0000000077df02f0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c8e520 5 bytes JMP 0000000077df0350 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c8e580 5 bytes JMP 0000000077df0290 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c8e610 5 bytes JMP 0000000077df02b0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c8e630 5 bytes JMP 0000000077df03d0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c8e640 5 bytes JMP 0000000077df0330 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c8e6b0 5 bytes JMP 0000000077df0410 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c8e6e0 5 bytes JMP 0000000077df0240 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c8e9a0 5 bytes JMP 0000000077df01e0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c8ea60 5 bytes JMP 0000000077df0250 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c8ea90 5 bytes JMP 0000000077df0490 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c8eaa0 5 bytes JMP 0000000077df04a0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c8ead0 5 bytes JMP 0000000077df0300 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c8eae0 5 bytes JMP 0000000077df0360 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c8eb40 5 bytes JMP 0000000077df02a0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c8eb90 5 bytes JMP 0000000077df02c0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c8ebc0 5 bytes JMP 0000000077df0380 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c8ebd0 5 bytes JMP 0000000077df0340 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c8eec0 5 bytes JMP 0000000077df0440 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c8f0c0 5 bytes JMP 0000000077df0260 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c8f0d0 5 bytes JMP 0000000077df0270 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c8f0e0 5 bytes JMP 0000000077df0400 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c8f2a0 5 bytes JMP 0000000077df01f0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c8f2b0 5 bytes JMP 0000000077df0210 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c8f320 5 bytes JMP 0000000077df0200 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c8f380 5 bytes JMP 0000000077df0420 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c8f390 5 bytes JMP 0000000077df0430 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c8f3a0 5 bytes JMP 0000000077df0220 .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c8f480 5 bytes JMP 0000000077df0280 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c8dc60 5 bytes JMP 0000000077df0460 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c8dcb0 5 bytes JMP 0000000077df0450 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c8de10 5 bytes JMP 0000000077df0370 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c8de60 5 bytes JMP 0000000077df0470 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c8de70 5 bytes JMP 0000000077df03e0 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c8df20 5 bytes JMP 0000000077df0320 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c8df50 5 bytes JMP 0000000077df03b0 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c8df70 5 bytes JMP 0000000077df0390 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c8dfb0 5 bytes JMP 0000000077df02e0 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c8e030 5 bytes JMP 0000000077df02d0 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c8e050 5 bytes JMP 0000000077df0310 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c8e090 5 bytes JMP 0000000077df03c0 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c8e0e0 5 bytes JMP 0000000077df03f0 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c8e240 5 bytes JMP 0000000077df0230 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c8e400 5 bytes JMP 0000000077df0480 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c8e430 5 bytes JMP 0000000077df03a0 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c8e510 5 bytes JMP 0000000077df02f0 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c8e520 5 bytes JMP 0000000077df0350 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c8e580 5 bytes JMP 0000000077df0290 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c8e610 5 bytes JMP 0000000077df02b0 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c8e630 5 bytes JMP 0000000077df03d0 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c8e640 5 bytes JMP 0000000077df0330 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c8e6b0 5 bytes JMP 0000000077df0410 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c8e6e0 5 bytes JMP 0000000077df0240 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c8e9a0 5 bytes JMP 0000000077df01e0 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c8ea60 5 bytes JMP 0000000077df0250 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c8ea90 5 bytes JMP 0000000077df0490 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c8eaa0 5 bytes JMP 0000000077df04a0 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c8ead0 5 bytes JMP 0000000077df0300 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c8eae0 5 bytes JMP 0000000077df0360 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c8eb40 5 bytes JMP 0000000077df02a0 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c8eb90 5 bytes JMP 0000000077df02c0 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c8ebc0 5 bytes JMP 0000000077df0380 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c8ebd0 5 bytes JMP 0000000077df0340 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c8eec0 5 bytes JMP 0000000077df0440 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c8f0c0 5 bytes JMP 0000000077df0260 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c8f0d0 5 bytes JMP 0000000077df0270 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c8f0e0 5 bytes JMP 0000000077df0400 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c8f2a0 5 bytes JMP 0000000077df01f0 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c8f2b0 5 bytes JMP 0000000077df0210 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c8f320 5 bytes JMP 0000000077df0200 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c8f380 5 bytes JMP 0000000077df0420 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c8f390 5 bytes JMP 0000000077df0430 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c8f3a0 5 bytes JMP 0000000077df0220 .text C:\Windows\system32\winlogon.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c8f480 5 bytes JMP 0000000077df0280 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c8dc60 5 bytes JMP 0000000077df0460 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c8dcb0 5 bytes JMP 0000000077df0450 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c8de10 5 bytes JMP 0000000077df0370 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c8de60 5 bytes JMP 0000000077df0470 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c8de70 5 bytes JMP 0000000077df03e0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c8df20 5 bytes JMP 0000000077df0320 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c8df50 5 bytes JMP 0000000077df03b0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c8df70 5 bytes JMP 0000000077df0390 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c8dfb0 5 bytes JMP 0000000077df02e0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c8e030 5 bytes JMP 0000000077df02d0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c8e050 5 bytes JMP 0000000077df0310 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c8e090 5 bytes JMP 0000000077df03c0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c8e0e0 5 bytes JMP 0000000077df03f0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c8e240 5 bytes JMP 0000000077df0230 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c8e400 5 bytes JMP 0000000077df0480 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c8e430 5 bytes JMP 0000000077df03a0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c8e510 5 bytes JMP 0000000077df02f0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c8e520 5 bytes JMP 0000000077df0350 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c8e580 5 bytes JMP 0000000077df0290 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c8e610 5 bytes JMP 0000000077df02b0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c8e630 5 bytes JMP 0000000077df03d0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c8e640 5 bytes JMP 0000000077df0330 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c8e6b0 5 bytes JMP 0000000077df0410 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c8e6e0 5 bytes JMP 0000000077df0240 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c8e9a0 5 bytes JMP 0000000077df01e0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c8ea60 5 bytes JMP 0000000077df0250 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c8ea90 5 bytes JMP 0000000077df0490 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c8eaa0 5 bytes JMP 0000000077df04a0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c8ead0 5 bytes JMP 0000000077df0300 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c8eae0 5 bytes JMP 0000000077df0360 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c8eb40 5 bytes JMP 0000000077df02a0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c8eb90 5 bytes JMP 0000000077df02c0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c8ebc0 5 bytes JMP 0000000077df0380 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c8ebd0 5 bytes JMP 0000000077df0340 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c8eec0 5 bytes JMP 0000000077df0440 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c8f0c0 5 bytes JMP 0000000077df0260 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c8f0d0 5 bytes JMP 0000000077df0270 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c8f0e0 5 bytes JMP 0000000077df0400 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c8f2a0 5 bytes JMP 0000000077df01f0 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c8f2b0 5 bytes JMP 0000000077df0210 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c8f320 5 bytes JMP 0000000077df0200 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c8f380 5 bytes JMP 0000000077df0420 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c8f390 5 bytes JMP 0000000077df0430 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c8f3a0 5 bytes JMP 0000000077df0220 .text C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c8f480 5 bytes JMP 0000000077df0280 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c8dc60 5 bytes JMP 0000000077df0460 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c8dcb0 5 bytes JMP 0000000077df0450 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c8de10 5 bytes JMP 0000000077df0370 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c8de60 5 bytes JMP 0000000077df0470 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c8de70 5 bytes JMP 0000000077df03e0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c8df20 5 bytes JMP 0000000077df0320 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c8df50 5 bytes JMP 0000000077df03b0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c8df70 5 bytes JMP 0000000077df0390 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c8dfb0 5 bytes JMP 0000000077df02e0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c8e030 5 bytes JMP 0000000077df02d0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c8e050 5 bytes JMP 0000000077df0310 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c8e090 5 bytes JMP 0000000077df03c0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c8e0e0 5 bytes JMP 0000000077df03f0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c8e240 5 bytes JMP 0000000077df0230 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c8e400 5 bytes JMP 0000000077df0480 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c8e430 5 bytes JMP 0000000077df03a0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c8e510 5 bytes JMP 0000000077df02f0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c8e520 5 bytes JMP 0000000077df0350 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c8e580 5 bytes JMP 0000000077df0290 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c8e610 5 bytes JMP 0000000077df02b0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c8e630 5 bytes JMP 0000000077df03d0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c8e640 5 bytes JMP 0000000077df0330 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c8e6b0 5 bytes JMP 0000000077df0410 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c8e6e0 5 bytes JMP 0000000077df0240 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c8e9a0 5 bytes JMP 0000000077df01e0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c8ea60 5 bytes JMP 0000000077df0250 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c8ea90 5 bytes JMP 0000000077df0490 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c8eaa0 5 bytes JMP 0000000077df04a0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c8ead0 5 bytes JMP 0000000077df0300 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c8eae0 5 bytes JMP 0000000077df0360 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c8eb40 5 bytes JMP 0000000077df02a0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c8eb90 5 bytes JMP 0000000077df02c0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c8ebc0 5 bytes JMP 0000000077df0380 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c8ebd0 5 bytes JMP 0000000077df0340 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c8eec0 5 bytes JMP 0000000077df0440 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c8f0c0 5 bytes JMP 0000000077df0260 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c8f0d0 5 bytes JMP 0000000077df0270 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c8f0e0 5 bytes JMP 0000000077df0400 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c8f2a0 5 bytes JMP 0000000077df01f0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c8f2b0 5 bytes JMP 0000000077df0210 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c8f320 5 bytes JMP 0000000077df0200 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c8f380 5 bytes JMP 0000000077df0420 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c8f390 5 bytes JMP 0000000077df0430 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c8f3a0 5 bytes JMP 0000000077df0220 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c8f480 5 bytes JMP 0000000077df0280 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c8dc60 5 bytes JMP 0000000077df0460 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c8dcb0 5 bytes JMP 0000000077df0450 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c8de10 5 bytes JMP 0000000077df0370 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c8de60 5 bytes JMP 0000000077df0470 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c8de70 5 bytes JMP 0000000077df03e0 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c8df20 5 bytes JMP 0000000077df0320 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c8df50 5 bytes JMP 0000000077df03b0 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c8df70 5 bytes JMP 0000000077df0390 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c8dfb0 5 bytes JMP 0000000077df02e0 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c8e030 5 bytes JMP 0000000077df02d0 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c8e050 5 bytes JMP 0000000077df0310 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c8e090 5 bytes JMP 0000000077df03c0 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c8e0e0 5 bytes JMP 0000000077df03f0 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c8e240 5 bytes JMP 0000000077df0230 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c8e400 5 bytes JMP 0000000077df0480 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c8e430 5 bytes JMP 0000000077df03a0 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c8e510 5 bytes JMP 0000000077df02f0 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c8e520 5 bytes JMP 0000000077df0350 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c8e580 5 bytes JMP 0000000077df0290 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c8e610 5 bytes JMP 0000000077df02b0 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c8e630 5 bytes JMP 0000000077df03d0 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c8e640 5 bytes JMP 0000000077df0330 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c8e6b0 5 bytes JMP 0000000077df0410 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c8e6e0 5 bytes JMP 0000000077df0240 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c8e9a0 5 bytes JMP 0000000077df01e0 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c8ea60 5 bytes JMP 0000000077df0250 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c8ea90 5 bytes JMP 0000000077df0490 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c8eaa0 5 bytes JMP 0000000077df04a0 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c8ead0 5 bytes JMP 0000000077df0300 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c8eae0 5 bytes JMP 0000000077df0360 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c8eb40 5 bytes JMP 0000000077df02a0 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c8eb90 5 bytes JMP 0000000077df02c0 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c8ebc0 5 bytes JMP 0000000077df0380 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c8ebd0 5 bytes JMP 0000000077df0340 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c8eec0 5 bytes JMP 0000000077df0440 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c8f0c0 5 bytes JMP 0000000077df0260 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c8f0d0 5 bytes JMP 0000000077df0270 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c8f0e0 5 bytes JMP 0000000077df0400 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c8f2a0 5 bytes JMP 0000000077df01f0 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c8f2b0 5 bytes JMP 0000000077df0210 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c8f320 5 bytes JMP 0000000077df0200 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c8f380 5 bytes JMP 0000000077df0420 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c8f390 5 bytes JMP 0000000077df0430 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c8f3a0 5 bytes JMP 0000000077df0220 .text C:\Windows\System32\svchost.exe[332] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c8f480 5 bytes JMP 0000000077df0280 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c8dc60 5 bytes JMP 0000000077df0460 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c8dcb0 5 bytes JMP 0000000077df0450 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c8de10 5 bytes JMP 0000000077df0370 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c8de60 5 bytes JMP 0000000077df0470 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c8de70 5 bytes JMP 0000000077df03e0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c8df20 5 bytes JMP 0000000077df0320 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c8df50 5 bytes JMP 0000000077df03b0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c8df70 5 bytes JMP 0000000077df0390 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c8dfb0 5 bytes JMP 0000000077df02e0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c8e030 5 bytes JMP 0000000077df02d0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c8e050 5 bytes JMP 0000000077df0310 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c8e090 5 bytes JMP 0000000077df03c0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c8e0e0 5 bytes JMP 0000000077df03f0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c8e240 5 bytes JMP 0000000077df0230 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c8e400 5 bytes JMP 0000000077df0480 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c8e430 5 bytes JMP 0000000077df03a0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c8e510 5 bytes JMP 0000000077df02f0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c8e520 5 bytes JMP 0000000077df0350 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c8e580 5 bytes JMP 0000000077df0290 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c8e610 5 bytes JMP 0000000077df02b0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c8e630 5 bytes JMP 0000000077df03d0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c8e640 5 bytes JMP 0000000077df0330 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c8e6b0 5 bytes JMP 0000000077df0410 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c8e6e0 5 bytes JMP 0000000077df0240 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c8e9a0 5 bytes JMP 0000000077df01e0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c8ea60 5 bytes JMP 0000000077df0250 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c8ea90 5 bytes JMP 0000000077df0490 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c8eaa0 5 bytes JMP 0000000077df04a0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c8ead0 5 bytes JMP 0000000077df0300 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c8eae0 5 bytes JMP 0000000077df0360 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c8eb40 5 bytes JMP 0000000077df02a0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c8eb90 5 bytes JMP 0000000077df02c0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c8ebc0 5 bytes JMP 0000000077df0380 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c8ebd0 5 bytes JMP 0000000077df0340 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c8eec0 5 bytes JMP 0000000077df0440 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c8f0c0 5 bytes JMP 0000000077df0260 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c8f0d0 5 bytes JMP 0000000077df0270 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c8f0e0 5 bytes JMP 0000000077df0400 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c8f2a0 5 bytes JMP 0000000077df01f0 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c8f2b0 5 bytes JMP 0000000077df0210 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c8f320 5 bytes JMP 0000000077df0200 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c8f380 5 bytes JMP 0000000077df0420 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c8f390 5 bytes JMP 0000000077df0430 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c8f3a0 5 bytes JMP 0000000077df0220 .text C:\Windows\System32\svchost.exe[444] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c8f480 5 bytes JMP 0000000077df0280 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c8dc60 5 bytes JMP 0000000077df0460 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c8dcb0 5 bytes JMP 0000000077df0450 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c8de10 5 bytes JMP 0000000077df0370 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c8de60 5 bytes JMP 0000000077df0470 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c8de70 5 bytes JMP 0000000077df03e0 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c8df20 5 bytes JMP 0000000077df0320 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c8df50 5 bytes JMP 0000000077df03b0 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c8df70 5 bytes JMP 0000000077df0390 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c8dfb0 5 bytes JMP 0000000077df02e0 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c8e030 5 bytes JMP 0000000077df02d0 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c8e050 5 bytes JMP 0000000077df0310 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c8e090 5 bytes JMP 0000000077df03c0 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c8e0e0 5 bytes JMP 0000000077df03f0 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c8e240 5 bytes JMP 0000000077df0230 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c8e400 5 bytes JMP 0000000077df0480 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c8e430 5 bytes JMP 0000000077df03a0 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c8e510 5 bytes JMP 0000000077df02f0 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c8e520 5 bytes JMP 0000000077df0350 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c8e580 5 bytes JMP 0000000077df0290 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c8e610 5 bytes JMP 0000000077df02b0 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c8e630 5 bytes JMP 0000000077df03d0 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c8e640 5 bytes JMP 0000000077df0330 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c8e6b0 5 bytes JMP 0000000077df0410 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c8e6e0 5 bytes JMP 0000000077df0240 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c8e9a0 5 bytes JMP 0000000077df01e0 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c8ea60 5 bytes JMP 0000000077df0250 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c8ea90 5 bytes JMP 0000000077df0490 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c8eaa0 5 bytes JMP 0000000077df04a0 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c8ead0 5 bytes JMP 0000000077df0300 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c8eae0 5 bytes JMP 0000000077df0360 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c8eb40 5 bytes JMP 0000000077df02a0 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c8eb90 5 bytes JMP 0000000077df02c0 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c8ebc0 5 bytes JMP 0000000077df0380 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c8ebd0 5 bytes JMP 0000000077df0340 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c8eec0 5 bytes JMP 0000000077df0440 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c8f0c0 5 bytes JMP 0000000077df0260 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c8f0d0 5 bytes JMP 0000000077df0270 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c8f0e0 5 bytes JMP 0000000077df0400 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c8f2a0 5 bytes JMP 0000000077df01f0 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c8f2b0 5 bytes JMP 0000000077df0210 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c8f320 5 bytes JMP 0000000077df0200 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c8f380 5 bytes JMP 0000000077df0420 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c8f390 5 bytes JMP 0000000077df0430 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c8f3a0 5 bytes JMP 0000000077df0220 .text C:\Windows\system32\svchost.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c8f480 5 bytes JMP 0000000077df0280 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c8dc60 5 bytes JMP 0000000077df0460 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c8dcb0 5 bytes JMP 0000000077df0450 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c8de10 5 bytes JMP 0000000077df0370 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c8de60 5 bytes JMP 0000000077df0470 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c8de70 5 bytes JMP 0000000077df03e0 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c8df20 5 bytes JMP 0000000077df0320 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c8df50 5 bytes JMP 0000000077df03b0 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c8df70 5 bytes JMP 0000000077df0390 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c8dfb0 5 bytes JMP 0000000077df02e0 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c8e030 5 bytes JMP 0000000077df02d0 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c8e050 5 bytes JMP 0000000077df0310 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c8e090 5 bytes JMP 0000000077df03c0 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c8e0e0 5 bytes JMP 0000000077df03f0 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c8e240 5 bytes JMP 0000000077df0230 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c8e400 5 bytes JMP 0000000077df0480 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c8e430 5 bytes JMP 0000000077df03a0 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c8e510 5 bytes JMP 0000000077df02f0 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c8e520 5 bytes JMP 0000000077df0350 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c8e580 5 bytes JMP 0000000077df0290 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c8e610 5 bytes JMP 0000000077df02b0 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c8e630 5 bytes JMP 0000000077df03d0 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c8e640 5 bytes JMP 0000000077df0330 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c8e6b0 5 bytes JMP 0000000077df0410 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c8e6e0 5 bytes JMP 0000000077df0240 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c8e9a0 5 bytes JMP 0000000077df01e0 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c8ea60 5 bytes JMP 0000000077df0250 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c8ea90 5 bytes JMP 0000000077df0490 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c8eaa0 5 bytes JMP 0000000077df04a0 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c8ead0 5 bytes JMP 0000000077df0300 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c8eae0 5 bytes JMP 0000000077df0360 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c8eb40 5 bytes JMP 0000000077df02a0 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c8eb90 5 bytes JMP 0000000077df02c0 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c8ebc0 5 bytes JMP 0000000077df0380 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c8ebd0 5 bytes JMP 0000000077df0340 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c8eec0 5 bytes JMP 0000000077df0440 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c8f0c0 5 bytes JMP 0000000077df0260 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c8f0d0 5 bytes JMP 0000000077df0270 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c8f0e0 5 bytes JMP 0000000077df0400 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c8f2a0 5 bytes JMP 0000000077df01f0 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c8f2b0 5 bytes JMP 0000000077df0210 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c8f320 5 bytes JMP 0000000077df0200 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c8f380 5 bytes JMP 0000000077df0420 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c8f390 5 bytes JMP 0000000077df0430 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c8f3a0 5 bytes JMP 0000000077df0220 .text C:\Windows\system32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c8f480 5 bytes JMP 0000000077df0280 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c8dc60 5 bytes JMP 0000000077df0460 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c8dcb0 5 bytes JMP 0000000077df0450 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c8de10 5 bytes JMP 0000000077df0370 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c8de60 5 bytes JMP 0000000077df0470 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c8de70 5 bytes JMP 0000000077df03e0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c8df20 5 bytes JMP 0000000077df0320 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c8df50 5 bytes JMP 0000000077df03b0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c8df70 5 bytes JMP 0000000077df0390 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c8dfb0 5 bytes JMP 0000000077df02e0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c8e030 5 bytes JMP 0000000077df02d0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c8e050 5 bytes JMP 0000000077df0310 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c8e090 5 bytes JMP 0000000077df03c0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c8e0e0 5 bytes JMP 0000000077df03f0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c8e240 5 bytes JMP 0000000077df0230 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c8e400 5 bytes JMP 0000000077df0480 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c8e430 5 bytes JMP 0000000077df03a0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c8e510 5 bytes JMP 0000000077df02f0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c8e520 5 bytes JMP 0000000077df0350 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c8e580 5 bytes JMP 0000000077df0290 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c8e610 5 bytes JMP 0000000077df02b0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c8e630 5 bytes JMP 0000000077df03d0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c8e640 5 bytes JMP 0000000077df0330 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c8e6b0 5 bytes JMP 0000000077df0410 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c8e6e0 5 bytes JMP 0000000077df0240 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c8e9a0 5 bytes JMP 0000000077df01e0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c8ea60 5 bytes JMP 0000000077df0250 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c8ea90 5 bytes JMP 0000000077df0490 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c8eaa0 5 bytes JMP 0000000077df04a0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c8ead0 5 bytes JMP 0000000077df0300 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c8eae0 5 bytes JMP 0000000077df0360 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c8eb40 5 bytes JMP 0000000077df02a0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c8eb90 5 bytes JMP 0000000077df02c0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c8ebc0 5 bytes JMP 0000000077df0380 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c8ebd0 5 bytes JMP 0000000077df0340 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c8eec0 5 bytes JMP 0000000077df0440 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c8f0c0 5 bytes JMP 0000000077df0260 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c8f0d0 5 bytes JMP 0000000077df0270 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c8f0e0 5 bytes JMP 0000000077df0400 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c8f2a0 5 bytes JMP 0000000077df01f0 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c8f2b0 5 bytes JMP 0000000077df0210 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c8f320 5 bytes JMP 0000000077df0200 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c8f380 5 bytes JMP 0000000077df0420 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c8f390 5 bytes JMP 0000000077df0430 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c8f3a0 5 bytes JMP 0000000077df0220 .text C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c8f480 5 bytes JMP 0000000077df0280 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c8dc60 5 bytes JMP 0000000077df0460 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c8dcb0 5 bytes JMP 0000000077df0450 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c8de10 5 bytes JMP 0000000077df0370 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c8de60 5 bytes JMP 0000000077df0470 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c8de70 5 bytes JMP 0000000077df03e0 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c8df20 5 bytes JMP 0000000077df0320 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c8df50 5 bytes JMP 0000000077df03b0 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c8df70 5 bytes JMP 0000000077df0390 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c8dfb0 5 bytes JMP 0000000077df02e0 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c8e030 5 bytes JMP 0000000077df02d0 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c8e050 5 bytes JMP 0000000077df0310 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c8e090 5 bytes JMP 0000000077df03c0 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c8e0e0 5 bytes JMP 0000000077df03f0 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c8e240 5 bytes JMP 0000000077df0230 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c8e400 5 bytes JMP 0000000077df0480 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c8e430 5 bytes JMP 0000000077df03a0 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c8e510 5 bytes JMP 0000000077df02f0 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c8e520 5 bytes JMP 0000000077df0350 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c8e580 5 bytes JMP 0000000077df0290 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c8e610 5 bytes JMP 0000000077df02b0 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c8e630 5 bytes JMP 0000000077df03d0 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c8e640 5 bytes JMP 0000000077df0330 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c8e6b0 5 bytes JMP 0000000077df0410 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c8e6e0 5 bytes JMP 0000000077df0240 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c8e9a0 5 bytes JMP 0000000077df01e0 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c8ea60 5 bytes JMP 0000000077df0250 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c8ea90 5 bytes JMP 0000000077df0490 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c8eaa0 5 bytes JMP 0000000077df04a0 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c8ead0 5 bytes JMP 0000000077df0300 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c8eae0 5 bytes JMP 0000000077df0360 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c8eb40 5 bytes JMP 0000000077df02a0 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c8eb90 5 bytes JMP 0000000077df02c0 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c8ebc0 5 bytes JMP 0000000077df0380 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c8ebd0 5 bytes JMP 0000000077df0340 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c8eec0 5 bytes JMP 0000000077df0440 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c8f0c0 5 bytes JMP 0000000077df0260 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c8f0d0 5 bytes JMP 0000000077df0270 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c8f0e0 5 bytes JMP 0000000077df0400 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c8f2a0 5 bytes JMP 0000000077df01f0 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c8f2b0 5 bytes JMP 0000000077df0210 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c8f320 5 bytes JMP 0000000077df0200 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c8f380 5 bytes JMP 0000000077df0420 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c8f390 5 bytes JMP 0000000077df0430 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c8f3a0 5 bytes JMP 0000000077df0220 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c8f480 5 bytes JMP 0000000077df0280 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c8dc60 5 bytes JMP 0000000077df0460 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c8dcb0 5 bytes JMP 0000000077df0450 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c8de10 5 bytes JMP 0000000077df0370 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c8de60 5 bytes JMP 0000000077df0470 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c8de70 5 bytes JMP 0000000077df03e0 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c8df20 5 bytes JMP 0000000077df0320 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c8df50 5 bytes JMP 0000000077df03b0 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c8df70 5 bytes JMP 0000000077df0390 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c8dfb0 5 bytes JMP 0000000077df02e0 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c8e030 5 bytes JMP 0000000077df02d0 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c8e050 5 bytes JMP 0000000077df0310 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c8e090 5 bytes JMP 0000000077df03c0 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c8e0e0 5 bytes JMP 0000000077df03f0 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c8e240 5 bytes JMP 0000000077df0230 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c8e400 5 bytes JMP 0000000077df0480 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c8e430 5 bytes JMP 0000000077df03a0 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c8e510 5 bytes JMP 0000000077df02f0 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c8e520 5 bytes JMP 0000000077df0350 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c8e580 5 bytes JMP 0000000077df0290 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c8e610 5 bytes JMP 0000000077df02b0 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c8e630 5 bytes JMP 0000000077df03d0 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c8e640 5 bytes JMP 0000000077df0330 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c8e6b0 5 bytes JMP 0000000077df0410 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c8e6e0 5 bytes JMP 0000000077df0240 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c8e9a0 5 bytes JMP 0000000077df01e0 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c8ea60 5 bytes JMP 0000000077df0250 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c8ea90 5 bytes JMP 0000000077df0490 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c8eaa0 5 bytes JMP 0000000077df04a0 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c8ead0 5 bytes JMP 0000000077df0300 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c8eae0 5 bytes JMP 0000000077df0360 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c8eb40 5 bytes JMP 0000000077df02a0 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c8eb90 5 bytes JMP 0000000077df02c0 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c8ebc0 5 bytes JMP 0000000077df0380 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c8ebd0 5 bytes JMP 0000000077df0340 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c8eec0 5 bytes JMP 0000000077df0440 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c8f0c0 5 bytes JMP 0000000077df0260 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c8f0d0 5 bytes JMP 0000000077df0270 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c8f0e0 5 bytes JMP 0000000077df0400 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c8f2a0 5 bytes JMP 0000000077df01f0 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c8f2b0 5 bytes JMP 0000000077df0210 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c8f320 5 bytes JMP 0000000077df0200 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c8f380 5 bytes JMP 0000000077df0420 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c8f390 5 bytes JMP 0000000077df0430 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c8f3a0 5 bytes JMP 0000000077df0220 .text C:\Windows\system32\Dwm.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c8f480 5 bytes JMP 0000000077df0280 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c8dc60 5 bytes JMP 0000000077df0460 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c8dcb0 5 bytes JMP 0000000077df0450 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c8de10 5 bytes JMP 0000000077df0370 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c8de60 5 bytes JMP 0000000077df0470 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c8de70 5 bytes JMP 0000000077df03e0 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c8df20 5 bytes JMP 0000000077df0320 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c8df50 5 bytes JMP 0000000077df03b0 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c8df70 5 bytes JMP 0000000077df0390 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c8dfb0 5 bytes JMP 0000000077df02e0 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c8e030 5 bytes JMP 0000000077df02d0 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c8e050 5 bytes JMP 0000000077df0310 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c8e090 5 bytes JMP 0000000077df03c0 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c8e0e0 5 bytes JMP 0000000077df03f0 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c8e240 5 bytes JMP 0000000077df0230 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c8e400 5 bytes JMP 0000000077df0480 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c8e430 5 bytes JMP 0000000077df03a0 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c8e510 5 bytes JMP 0000000077df02f0 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c8e520 5 bytes JMP 0000000077df0350 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c8e580 5 bytes JMP 0000000077df0290 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c8e610 5 bytes JMP 0000000077df02b0 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c8e630 5 bytes JMP 0000000077df03d0 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c8e640 5 bytes JMP 0000000077df0330 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c8e6b0 5 bytes JMP 0000000077df0410 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c8e6e0 5 bytes JMP 0000000077df0240 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c8e9a0 5 bytes JMP 0000000077df01e0 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c8ea60 5 bytes JMP 0000000077df0250 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c8ea90 5 bytes JMP 0000000077df0490 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c8eaa0 5 bytes JMP 0000000077df04a0 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c8ead0 5 bytes JMP 0000000077df0300 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c8eae0 5 bytes JMP 0000000077df0360 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c8eb40 5 bytes JMP 0000000077df02a0 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c8eb90 5 bytes JMP 0000000077df02c0 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c8ebc0 5 bytes JMP 0000000077df0380 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c8ebd0 5 bytes JMP 0000000077df0340 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c8eec0 5 bytes JMP 0000000077df0440 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c8f0c0 5 bytes JMP 0000000077df0260 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c8f0d0 5 bytes JMP 0000000077df0270 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c8f0e0 5 bytes JMP 0000000077df0400 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c8f2a0 5 bytes JMP 0000000077df01f0 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c8f2b0 5 bytes JMP 0000000077df0210 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c8f320 5 bytes JMP 0000000077df0200 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c8f380 5 bytes JMP 0000000077df0420 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c8f390 5 bytes JMP 0000000077df0430 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c8f3a0 5 bytes JMP 0000000077df0220 .text C:\Windows\Explorer.EXE[1212] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c8f480 5 bytes JMP 0000000077df0280 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c8dc60 5 bytes JMP 0000000077df0460 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c8dcb0 5 bytes JMP 0000000077df0450 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c8de10 5 bytes JMP 0000000077df0370 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c8de60 5 bytes JMP 0000000077df0470 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c8de70 5 bytes JMP 0000000077df03e0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c8df20 5 bytes JMP 0000000077df0320 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c8df50 5 bytes JMP 0000000077df03b0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c8df70 5 bytes JMP 0000000077df0390 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c8dfb0 5 bytes JMP 0000000077df02e0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c8e030 5 bytes JMP 0000000077df02d0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c8e050 5 bytes JMP 0000000077df0310 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c8e090 5 bytes JMP 0000000077df03c0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c8e0e0 5 bytes JMP 0000000077df03f0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c8e240 5 bytes JMP 0000000077df0230 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c8e400 5 bytes JMP 0000000077df0480 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c8e430 5 bytes JMP 0000000077df03a0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c8e510 5 bytes JMP 0000000077df02f0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c8e520 5 bytes JMP 0000000077df0350 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c8e580 5 bytes JMP 0000000077df0290 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c8e610 5 bytes JMP 0000000077df02b0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c8e630 5 bytes JMP 0000000077df03d0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c8e640 5 bytes JMP 0000000077df0330 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c8e6b0 5 bytes JMP 0000000077df0410 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c8e6e0 5 bytes JMP 0000000077df0240 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c8e9a0 5 bytes JMP 0000000077df01e0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c8ea60 5 bytes JMP 0000000077df0250 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c8ea90 5 bytes JMP 0000000077df0490 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c8eaa0 5 bytes JMP 0000000077df04a0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c8ead0 5 bytes JMP 0000000077df0300 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c8eae0 5 bytes JMP 0000000077df0360 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c8eb40 5 bytes JMP 0000000077df02a0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c8eb90 5 bytes JMP 0000000077df02c0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c8ebc0 5 bytes JMP 0000000077df0380 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c8ebd0 5 bytes JMP 0000000077df0340 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c8eec0 5 bytes JMP 0000000077df0440 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c8f0c0 5 bytes JMP 0000000077df0260 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c8f0d0 5 bytes JMP 0000000077df0270 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c8f0e0 5 bytes JMP 0000000077df0400 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c8f2a0 5 bytes JMP 0000000077df01f0 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c8f2b0 5 bytes JMP 0000000077df0210 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c8f320 5 bytes JMP 0000000077df0200 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c8f380 5 bytes JMP 0000000077df0420 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c8f390 5 bytes JMP 0000000077df0430 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c8f3a0 5 bytes JMP 0000000077df0220 .text C:\Windows\system32\svchost.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c8f480 5 bytes JMP 0000000077df0280 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c8dc60 5 bytes JMP 0000000077df0460 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c8dcb0 5 bytes JMP 0000000077df0450 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c8de10 5 bytes JMP 0000000077df0370 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c8de60 5 bytes JMP 0000000077df0470 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c8de70 5 bytes JMP 0000000077df03e0 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c8df20 5 bytes JMP 0000000077df0320 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c8df50 5 bytes JMP 0000000077df03b0 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c8df70 5 bytes JMP 0000000077df0390 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c8dfb0 5 bytes JMP 0000000077df02e0 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c8e030 5 bytes JMP 0000000077df02d0 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c8e050 5 bytes JMP 0000000077df0310 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c8e090 5 bytes JMP 0000000077df03c0 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c8e0e0 5 bytes JMP 0000000077df03f0 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c8e240 5 bytes JMP 0000000077df0230 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c8e400 5 bytes JMP 0000000077df0480 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c8e430 5 bytes JMP 0000000077df03a0 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c8e510 5 bytes JMP 0000000077df02f0 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c8e520 5 bytes JMP 0000000077df0350 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c8e580 5 bytes JMP 0000000077df0290 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c8e610 5 bytes JMP 0000000077df02b0 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c8e630 5 bytes JMP 0000000077df03d0 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c8e640 5 bytes JMP 0000000077df0330 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c8e6b0 5 bytes JMP 0000000077df0410 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c8e6e0 5 bytes JMP 0000000077df0240 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c8e9a0 5 bytes JMP 0000000077df01e0 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c8ea60 5 bytes JMP 0000000077df0250 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c8ea90 5 bytes JMP 0000000077df0490 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c8eaa0 5 bytes JMP 0000000077df04a0 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c8ead0 5 bytes JMP 0000000077df0300 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c8eae0 5 bytes JMP 0000000077df0360 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c8eb40 5 bytes JMP 0000000077df02a0 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c8eb90 5 bytes JMP 0000000077df02c0 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c8ebc0 5 bytes JMP 0000000077df0380 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c8ebd0 5 bytes JMP 0000000077df0340 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c8eec0 5 bytes JMP 0000000077df0440 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c8f0c0 5 bytes JMP 0000000077df0260 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c8f0d0 5 bytes JMP 0000000077df0270 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c8f0e0 5 bytes JMP 0000000077df0400 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c8f2a0 5 bytes JMP 0000000077df01f0 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c8f2b0 5 bytes JMP 0000000077df0210 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c8f320 5 bytes JMP 0000000077df0200 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c8f380 5 bytes JMP 0000000077df0420 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c8f390 5 bytes JMP 0000000077df0430 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c8f3a0 5 bytes JMP 0000000077df0220 .text C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe[2296] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c8f480 5 bytes JMP 0000000077df0280 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c8dc60 5 bytes JMP 0000000077df0460 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c8dcb0 5 bytes JMP 0000000077df0450 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c8de10 5 bytes JMP 0000000077df0370 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c8de60 5 bytes JMP 0000000077df0470 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c8de70 5 bytes JMP 0000000077df03e0 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c8df20 5 bytes JMP 0000000077df0320 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c8df50 5 bytes JMP 0000000077df03b0 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c8df70 5 bytes JMP 0000000077df0390 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c8dfb0 5 bytes JMP 0000000077df02e0 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c8e030 5 bytes JMP 0000000077df02d0 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c8e050 5 bytes JMP 0000000077df0310 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c8e090 5 bytes JMP 0000000077df03c0 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c8e0e0 5 bytes JMP 0000000077df03f0 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c8e240 5 bytes JMP 0000000077df0230 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c8e400 5 bytes JMP 0000000077df0480 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c8e430 5 bytes JMP 0000000077df03a0 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c8e510 5 bytes JMP 0000000077df02f0 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c8e520 5 bytes JMP 0000000077df0350 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c8e580 5 bytes JMP 0000000077df0290 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c8e610 5 bytes JMP 0000000077df02b0 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c8e630 5 bytes JMP 0000000077df03d0 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c8e640 5 bytes JMP 0000000077df0330 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c8e6b0 5 bytes JMP 0000000077df0410 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c8e6e0 5 bytes JMP 0000000077df0240 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c8e9a0 5 bytes JMP 0000000077df01e0 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c8ea60 5 bytes JMP 0000000077df0250 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c8ea90 5 bytes JMP 0000000077df0490 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c8eaa0 5 bytes JMP 0000000077df04a0 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c8ead0 5 bytes JMP 0000000077df0300 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c8eae0 5 bytes JMP 0000000077df0360 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c8eb40 5 bytes JMP 0000000077df02a0 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c8eb90 5 bytes JMP 0000000077df02c0 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c8ebc0 5 bytes JMP 0000000077df0380 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c8ebd0 5 bytes JMP 0000000077df0340 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c8eec0 5 bytes JMP 0000000077df0440 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c8f0c0 5 bytes JMP 0000000077df0260 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c8f0d0 5 bytes JMP 0000000077df0270 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c8f0e0 5 bytes JMP 0000000077df0400 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c8f2a0 5 bytes JMP 0000000077df01f0 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c8f2b0 5 bytes JMP 0000000077df0210 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c8f320 5 bytes JMP 0000000077df0200 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c8f380 5 bytes JMP 0000000077df0420 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c8f390 5 bytes JMP 0000000077df0430 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c8f3a0 5 bytes JMP 0000000077df0220 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c8f480 5 bytes JMP 0000000077df0280 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c8dc60 5 bytes JMP 0000000077df0460 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c8dcb0 5 bytes JMP 0000000077df0450 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c8de10 5 bytes JMP 0000000077df0370 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c8de60 5 bytes JMP 0000000077df0470 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c8de70 5 bytes JMP 0000000077df03e0 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c8df20 5 bytes JMP 0000000077df0320 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c8df50 5 bytes JMP 0000000077df03b0 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c8df70 5 bytes JMP 0000000077df0390 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c8dfb0 5 bytes JMP 0000000077df02e0 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c8e030 5 bytes JMP 0000000077df02d0 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c8e050 5 bytes JMP 0000000077df0310 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c8e090 5 bytes JMP 0000000077df03c0 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c8e0e0 5 bytes JMP 0000000077df03f0 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c8e240 5 bytes JMP 0000000077df0230 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c8e400 5 bytes JMP 0000000077df0480 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c8e430 5 bytes JMP 0000000077df03a0 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c8e510 5 bytes JMP 0000000077df02f0 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c8e520 5 bytes JMP 0000000077df0350 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c8e580 5 bytes JMP 0000000077df0290 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c8e610 5 bytes JMP 0000000077df02b0 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c8e630 5 bytes JMP 0000000077df03d0 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c8e640 5 bytes JMP 0000000077df0330 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c8e6b0 5 bytes JMP 0000000077df0410 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c8e6e0 5 bytes JMP 0000000077df0240 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c8e9a0 5 bytes JMP 0000000077df01e0 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c8ea60 5 bytes JMP 0000000077df0250 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c8ea90 5 bytes JMP 0000000077df0490 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c8eaa0 5 bytes JMP 0000000077df04a0 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c8ead0 5 bytes JMP 0000000077df0300 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c8eae0 5 bytes JMP 0000000077df0360 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c8eb40 5 bytes JMP 0000000077df02a0 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c8eb90 5 bytes JMP 0000000077df02c0 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c8ebc0 5 bytes JMP 0000000077df0380 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c8ebd0 5 bytes JMP 0000000077df0340 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c8eec0 5 bytes JMP 0000000077df0440 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c8f0c0 5 bytes JMP 0000000077df0260 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c8f0d0 5 bytes JMP 0000000077df0270 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c8f0e0 5 bytes JMP 0000000077df0400 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c8f2a0 5 bytes JMP 0000000077df01f0 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c8f2b0 5 bytes JMP 0000000077df0210 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c8f320 5 bytes JMP 0000000077df0200 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c8f380 5 bytes JMP 0000000077df0420 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c8f390 5 bytes JMP 0000000077df0430 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c8f3a0 5 bytes JMP 0000000077df0220 .text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[3120] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c8f480 5 bytes JMP 0000000077df0280 .text C:\Program Files\AVAST Software\Avast\avastui.exe[3180] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075cc8781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c8dc60 5 bytes JMP 0000000077df0460 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c8dcb0 5 bytes JMP 0000000077df0450 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c8de10 5 bytes JMP 0000000077df0370 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c8de60 5 bytes JMP 0000000077df0470 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c8de70 5 bytes JMP 0000000077df03e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c8df20 5 bytes JMP 0000000077df0320 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c8df50 5 bytes JMP 0000000077df03b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c8df70 5 bytes JMP 0000000077df0390 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c8dfb0 5 bytes JMP 0000000077df02e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c8e030 5 bytes JMP 0000000077df02d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c8e050 5 bytes JMP 0000000077df0310 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c8e090 5 bytes JMP 0000000077df03c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c8e0e0 5 bytes JMP 0000000077df03f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c8e240 5 bytes JMP 0000000077df0230 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c8e400 5 bytes JMP 0000000077df0480 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c8e430 5 bytes JMP 0000000077df03a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c8e510 5 bytes JMP 0000000077df02f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c8e520 5 bytes JMP 0000000077df0350 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c8e580 5 bytes JMP 0000000077df0290 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c8e610 5 bytes JMP 0000000077df02b0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c8e630 5 bytes JMP 0000000077df03d0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c8e640 5 bytes JMP 0000000077df0330 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c8e6b0 5 bytes JMP 0000000077df0410 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c8e6e0 5 bytes JMP 0000000077df0240 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c8e9a0 5 bytes JMP 0000000077df01e0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c8ea60 5 bytes JMP 0000000077df0250 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c8ea90 5 bytes JMP 0000000077df0490 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c8eaa0 5 bytes JMP 0000000077df04a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c8ead0 5 bytes JMP 0000000077df0300 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c8eae0 5 bytes JMP 0000000077df0360 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c8eb40 5 bytes JMP 0000000077df02a0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c8eb90 5 bytes JMP 0000000077df02c0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c8ebc0 5 bytes JMP 0000000077df0380 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c8ebd0 5 bytes JMP 0000000077df0340 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c8eec0 5 bytes JMP 0000000077df0440 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c8f0c0 5 bytes JMP 0000000077df0260 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c8f0d0 5 bytes JMP 0000000077df0270 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c8f0e0 5 bytes JMP 0000000077df0400 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c8f2a0 5 bytes JMP 0000000077df01f0 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c8f2b0 5 bytes JMP 0000000077df0210 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c8f320 5 bytes JMP 0000000077df0200 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c8f380 5 bytes JMP 0000000077df0420 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c8f390 5 bytes JMP 0000000077df0430 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c8f3a0 5 bytes JMP 0000000077df0220 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c8f480 5 bytes JMP 0000000077df0280 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c8dc60 5 bytes JMP 0000000077df0460 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c8dcb0 5 bytes JMP 0000000077df0450 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c8de10 5 bytes JMP 0000000077df0370 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c8de60 5 bytes JMP 0000000077df0470 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c8de70 5 bytes JMP 0000000077df03e0 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c8df20 5 bytes JMP 0000000077df0320 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c8df50 5 bytes JMP 0000000077df03b0 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c8df70 5 bytes JMP 0000000077df0390 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c8dfb0 5 bytes JMP 0000000077df02e0 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c8e030 5 bytes JMP 0000000077df02d0 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c8e050 5 bytes JMP 0000000077df0310 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c8e090 5 bytes JMP 0000000077df03c0 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c8e0e0 5 bytes JMP 0000000077df03f0 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c8e240 5 bytes JMP 0000000077df0230 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c8e400 5 bytes JMP 0000000077df0480 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c8e430 5 bytes JMP 0000000077df03a0 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c8e510 5 bytes JMP 0000000077df02f0 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c8e520 5 bytes JMP 0000000077df0350 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c8e580 5 bytes JMP 0000000077df0290 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c8e610 5 bytes JMP 0000000077df02b0 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c8e630 5 bytes JMP 0000000077df03d0 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c8e640 5 bytes JMP 0000000077df0330 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c8e6b0 5 bytes JMP 0000000077df0410 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c8e6e0 5 bytes JMP 0000000077df0240 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c8e9a0 5 bytes JMP 0000000077df01e0 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c8ea60 5 bytes JMP 0000000077df0250 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c8ea90 5 bytes JMP 0000000077df0490 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c8eaa0 5 bytes JMP 0000000077df04a0 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c8ead0 5 bytes JMP 0000000077df0300 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c8eae0 5 bytes JMP 0000000077df0360 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c8eb40 5 bytes JMP 0000000077df02a0 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c8eb90 5 bytes JMP 0000000077df02c0 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c8ebc0 5 bytes JMP 0000000077df0380 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c8ebd0 5 bytes JMP 0000000077df0340 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c8eec0 5 bytes JMP 0000000077df0440 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c8f0c0 5 bytes JMP 0000000077df0260 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c8f0d0 5 bytes JMP 0000000077df0270 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c8f0e0 5 bytes JMP 0000000077df0400 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c8f2a0 5 bytes JMP 0000000077df01f0 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c8f2b0 5 bytes JMP 0000000077df0210 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c8f320 5 bytes JMP 0000000077df0200 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c8f380 5 bytes JMP 0000000077df0420 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c8f390 5 bytes JMP 0000000077df0430 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c8f3a0 5 bytes JMP 0000000077df0220 .text C:\Windows\system32\SearchIndexer.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c8f480 5 bytes JMP 0000000077df0280 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c8dc60 5 bytes JMP 0000000077df0460 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c8dcb0 5 bytes JMP 0000000077df0450 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c8de10 5 bytes JMP 0000000077df0370 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c8de60 5 bytes JMP 0000000077df0470 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c8de70 5 bytes JMP 0000000077df03e0 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c8df20 5 bytes JMP 0000000077df0320 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c8df50 5 bytes JMP 0000000077df03b0 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c8df70 5 bytes JMP 0000000077df0390 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c8dfb0 5 bytes JMP 0000000077df02e0 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c8e030 5 bytes JMP 0000000077df02d0 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c8e050 5 bytes JMP 0000000077df0310 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c8e090 5 bytes JMP 0000000077df03c0 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c8e0e0 5 bytes JMP 0000000077df03f0 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c8e240 5 bytes JMP 0000000077df0230 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c8e400 5 bytes JMP 0000000077df0480 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c8e430 5 bytes JMP 0000000077df03a0 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c8e510 5 bytes JMP 0000000077df02f0 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c8e520 5 bytes JMP 0000000077df0350 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c8e580 5 bytes JMP 0000000077df0290 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c8e610 5 bytes JMP 0000000077df02b0 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c8e630 5 bytes JMP 0000000077df03d0 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c8e640 5 bytes JMP 0000000077df0330 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c8e6b0 5 bytes JMP 0000000077df0410 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c8e6e0 5 bytes JMP 0000000077df0240 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c8e9a0 5 bytes JMP 0000000077df01e0 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c8ea60 5 bytes JMP 0000000077df0250 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c8ea90 5 bytes JMP 0000000077df0490 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c8eaa0 5 bytes JMP 0000000077df04a0 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c8ead0 5 bytes JMP 0000000077df0300 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c8eae0 5 bytes JMP 0000000077df0360 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c8eb40 5 bytes JMP 0000000077df02a0 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c8eb90 5 bytes JMP 0000000077df02c0 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c8ebc0 5 bytes JMP 0000000077df0380 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c8ebd0 5 bytes JMP 0000000077df0340 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c8eec0 5 bytes JMP 0000000077df0440 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c8f0c0 5 bytes JMP 0000000077df0260 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c8f0d0 5 bytes JMP 0000000077df0270 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c8f0e0 5 bytes JMP 0000000077df0400 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c8f2a0 5 bytes JMP 0000000077df01f0 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c8f2b0 5 bytes JMP 0000000077df0210 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c8f320 5 bytes JMP 0000000077df0200 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c8f380 5 bytes JMP 0000000077df0420 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c8f390 5 bytes JMP 0000000077df0430 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c8f3a0 5 bytes JMP 0000000077df0220 .text C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c8f480 5 bytes JMP 0000000077df0280 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c8dc60 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c8dcb0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c8de10 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c8de60 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c8de70 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c8df20 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c8df50 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c8df70 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c8dfb0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c8e030 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c8e050 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c8e090 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c8e0e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c8e240 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c8e400 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c8e430 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c8e510 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c8e520 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c8e580 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c8e610 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c8e630 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c8e640 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c8e6b0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c8e6e0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c8e9a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c8ea60 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c8ea90 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c8eaa0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c8ead0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c8eae0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c8eb40 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c8eb90 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c8ebc0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c8ebd0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c8eec0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c8f0c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c8f0d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c8f0e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c8f2a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c8f2b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c8f320 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c8f380 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c8f390 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c8f3a0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c8f480 5 bytes JMP 0000000100070280 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c8dc60 5 bytes JMP 0000000077df0460 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c8dcb0 5 bytes JMP 0000000077df0450 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c8de10 5 bytes JMP 0000000077df0370 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c8de60 5 bytes JMP 0000000077df0470 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c8de70 5 bytes JMP 0000000077df03e0 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c8df20 5 bytes JMP 0000000077df0320 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c8df50 5 bytes JMP 0000000077df03b0 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c8df70 5 bytes JMP 0000000077df0390 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c8dfb0 5 bytes JMP 0000000077df02e0 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c8e030 5 bytes JMP 0000000077df02d0 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c8e050 5 bytes JMP 0000000077df0310 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c8e090 5 bytes JMP 0000000077df03c0 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c8e0e0 5 bytes JMP 0000000077df03f0 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c8e240 5 bytes JMP 0000000077df0230 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c8e400 5 bytes JMP 0000000077df0480 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c8e430 5 bytes JMP 0000000077df03a0 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c8e510 5 bytes JMP 0000000077df02f0 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c8e520 5 bytes JMP 0000000077df0350 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c8e580 5 bytes JMP 0000000077df0290 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c8e610 5 bytes JMP 0000000077df02b0 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c8e630 5 bytes JMP 0000000077df03d0 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c8e640 5 bytes JMP 0000000077df0330 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c8e6b0 5 bytes JMP 0000000077df0410 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c8e6e0 5 bytes JMP 0000000077df0240 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c8e9a0 5 bytes JMP 0000000077df01e0 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c8ea60 5 bytes JMP 0000000077df0250 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c8ea90 5 bytes JMP 0000000077df0490 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c8eaa0 5 bytes JMP 0000000077df04a0 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c8ead0 5 bytes JMP 0000000077df0300 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c8eae0 5 bytes JMP 0000000077df0360 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c8eb40 5 bytes JMP 0000000077df02a0 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c8eb90 5 bytes JMP 0000000077df02c0 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c8ebc0 5 bytes JMP 0000000077df0380 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c8ebd0 5 bytes JMP 0000000077df0340 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c8eec0 5 bytes JMP 0000000077df0440 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c8f0c0 5 bytes JMP 0000000077df0260 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c8f0d0 5 bytes JMP 0000000077df0270 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c8f0e0 5 bytes JMP 0000000077df0400 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c8f2a0 5 bytes JMP 0000000077df01f0 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c8f2b0 5 bytes JMP 0000000077df0210 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c8f320 5 bytes JMP 0000000077df0200 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c8f380 5 bytes JMP 0000000077df0420 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c8f390 5 bytes JMP 0000000077df0430 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c8f3a0 5 bytes JMP 0000000077df0220 .text C:\Windows\system32\AUDIODG.EXE[5996] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c8f480 5 bytes JMP 0000000077df0280 ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\svchost.exe [3968:4000] 000007feffb9a808 Thread C:\Windows\System32\svchost.exe [3984:3556] 000007feeeba9688 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f74a Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f39546d9b6 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f74a (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f39546d9b6 (not active ControlSet) ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----