GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-01-17 17:37:39 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0006 465,76GB Running: 9bnxt96w.exe; Driver: C:\Users\ALEKSA~1\AppData\Local\Temp\pxldypog.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 000000014a350460 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 000000014a350450 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 000000014a350370 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 000000014a350470 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 000000014a3503e0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 000000014a350320 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 000000014a3503b0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 000000014a350390 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 000000014a3502e0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 000000014a3502d0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 000000014a350310 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 000000014a3503c0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 000000014a3503f0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 000000014a350230 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 000000014a350480 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 000000014a3503a0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 000000014a3502f0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 000000014a350350 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 000000014a350290 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 000000014a3502b0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 000000014a3503d0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 000000014a350330 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 000000014a350410 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 000000014a350240 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 000000014a3501e0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 000000014a350250 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 000000014a350490 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 000000014a3504a0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 000000014a350300 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 000000014a350360 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 000000014a3502a0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 000000014a3502c0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 000000014a350380 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 000000014a350340 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 000000014a350440 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 000000014a350260 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 000000014a350270 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 000000014a350400 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 000000014a3501f0 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 000000014a350210 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 000000014a350200 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 000000014a350420 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 000000014a350430 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 000000014a350220 .text C:\Windows\system32\csrss.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 000000014a350280 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\system32\wininit.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 000000014a350460 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 000000014a350450 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 000000014a350370 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 000000014a350470 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 000000014a3503e0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 000000014a350320 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 000000014a3503b0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 000000014a350390 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 000000014a3502e0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 000000014a3502d0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 000000014a350310 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 000000014a3503c0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 000000014a3503f0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 000000014a350230 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 000000014a350480 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 000000014a3503a0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 000000014a3502f0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 000000014a350350 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 000000014a350290 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 000000014a3502b0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 000000014a3503d0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 000000014a350330 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 000000014a350410 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 000000014a350240 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 000000014a3501e0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 000000014a350250 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 000000014a350490 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 000000014a3504a0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 000000014a350300 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 000000014a350360 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 000000014a3502a0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 000000014a3502c0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 000000014a350380 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 000000014a350340 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 000000014a350440 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 000000014a350260 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 000000014a350270 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 000000014a350400 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 000000014a3501f0 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 000000014a350210 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 000000014a350200 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 000000014a350420 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 000000014a350430 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 000000014a350220 .text C:\Windows\system32\csrss.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 000000014a350280 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\system32\services.exe[728] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\system32\lsass.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\system32\lsm.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[868] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\system32\winlogon.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\system32\nvvsvc.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\system32\svchost.exe[400] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\System32\svchost.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\system32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\system32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\system32\AUDIODG.EXE[1124] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1256] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\system32\nvvsvc.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\Explorer.EXE[1616] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[1904] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Program Files\Apoint\Apoint.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\system32\taskhost.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\system32\taskeng.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Program Files\Zune\ZuneLauncher.exe[2160] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b61465 2 bytes [B6, 76] .text C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b614bb 2 bytes [B6, 76] .text ... * 2 .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b61465 2 bytes [B6, 76] .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b614bb 2 bytes [B6, 76] .text ... * 2 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\System32\spoolsv.exe[2804] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\system32\svchost.exe[2840] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Program Files\AVAST Software\Avast\afwServ.exe[2888] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000759d8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b61465 2 bytes [B6, 76] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b614bb 2 bytes [B6, 76] .text ... * 2 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2300] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Program Files (x86)\XTab\ProtectService.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b61465 2 bytes [B6, 76] .text C:\Program Files (x86)\XTab\ProtectService.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b614bb 2 bytes [B6, 76] .text ... * 2 .text C:\Program Files\AVAST Software\Avast\avastui.exe[2248] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000759d8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b61465 2 bytes [B6, 76] .text C:\Program Files\AVAST Software\Avast\avastui.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b614bb 2 bytes [B6, 76] .text ... * 2 .text C:\Program Files (x86)\XTab\cmdshell.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b61465 2 bytes [B6, 76] .text C:\Program Files (x86)\XTab\cmdshell.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b614bb 2 bytes [B6, 76] .text ... * 2 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\mfevtps.exe[3156] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 00000001000a0460 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 00000001000a0450 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 00000001000a0370 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 00000001000a0470 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 00000001000a03e0 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 00000001000a0320 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 00000001000a03b0 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 00000001000a0390 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 00000001000a02e0 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 00000001000a02d0 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 00000001000a0310 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 00000001000a03c0 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 00000001000a03f0 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 00000001000a0230 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 00000001000a0480 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 00000001000a03a0 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 00000001000a02f0 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 00000001000a0350 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 00000001000a0290 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 00000001000a02b0 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 00000001000a03d0 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 00000001000a0330 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 00000001000a0410 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 00000001000a0240 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 00000001000a01e0 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 00000001000a0250 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 00000001000a0490 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 00000001000a04a0 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 00000001000a0300 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 00000001000a0360 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 00000001000a02a0 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 00000001000a02c0 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 00000001000a0380 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 00000001000a0340 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 00000001000a0440 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 00000001000a0260 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 00000001000a0270 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 00000001000a0400 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 00000001000a01f0 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 00000001000a0210 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 00000001000a0200 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 00000001000a0420 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 00000001000a0430 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 00000001000a0220 .text C:\Windows\SysWOW64\rundll32.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 00000001000a0280 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\system32\rundll32.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Program Files (x86)\XTab\HPNotify.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b61465 2 bytes [B6, 76] .text C:\Program Files (x86)\XTab\HPNotify.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b614bb 2 bytes [B6, 76] .text ... * 2 .text C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[6540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b61465 2 bytes [B6, 76] .text C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[6540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b614bb 2 bytes [B6, 76] .text ... * 2 .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[6592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b61465 2 bytes [B6, 76] .text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[6592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b614bb 2 bytes [B6, 76] .text ... * 2 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[6908] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Program Files\McAfee\MSC\McAPExe.exe[7032] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\system32\conhost.exe[7104] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[7156] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b61465 2 bytes [B6, 76] .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b614bb 2 bytes [B6, 76] .text ... * 2 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[7116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b61465 2 bytes [B6, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[7116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b614bb 2 bytes [B6, 76] .text ... * 2 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[7288] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000100070460 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000100070450 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000100070370 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000100070470 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 00000001000703e0 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000100070320 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 00000001000703b0 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000100070390 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 00000001000702d0 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000100070310 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 00000001000703c0 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000100070230 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000100070480 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000100070350 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000100070290 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000100070330 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000100070410 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000100070240 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000100070250 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000100070490 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000100070300 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000100070360 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 00000001000702a0 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 00000001000702c0 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000100070380 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000100070340 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000100070440 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000100070260 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000100070270 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000100070400 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000100070210 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000100070200 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000100070420 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000100070430 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\iPod\bin\iPodService.exe[7332] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\system32\SearchIndexer.exe[7516] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\system32\svchost.exe[7840] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[7964] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Program Files\Apoint\ApMsgFwd.exe[8716] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe[8828] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Program Files\Apoint\Apvfb.exe[8932] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Program Files\Apoint\Apntex.exe[8940] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000100040460 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000100040450 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000100040370 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000100040470 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 00000001000403e0 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000100040320 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 00000001000403b0 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000100040390 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 00000001000402e0 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 00000001000402d0 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000100040310 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 00000001000403c0 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 00000001000403f0 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000100040230 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000100040480 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 00000001000403a0 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 00000001000402f0 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000100040350 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000100040290 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 00000001000402b0 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 00000001000403d0 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000100040330 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000100040410 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000100040240 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 00000001000401e0 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000100040250 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000100040490 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 00000001000404a0 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000100040300 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000100040360 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 00000001000402a0 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 00000001000402c0 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000100040380 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000100040340 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000100040440 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000100040260 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000100040270 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000100040400 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 00000001000401f0 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000100040210 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000100040200 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000100040420 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000100040430 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000100040220 .text C:\Windows\system32\conhost.exe[8960] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000100040280 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\system32\svchost.exe[9012] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b61465 2 bytes [B6, 76] .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b614bb 2 bytes [B6, 76] .text ... * 2 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\System32\svchost.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000100060460 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000100060450 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000100060370 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000100060470 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 00000001000603e0 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000100060320 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 00000001000603b0 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000100060390 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 00000001000602e0 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 00000001000602d0 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000100060310 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 00000001000603c0 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 00000001000603f0 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000100060230 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000100060480 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 00000001000603a0 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 00000001000602f0 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000100060350 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000100060290 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 00000001000602b0 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 00000001000603d0 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000100060330 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000100060410 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000100060240 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 00000001000601e0 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000100060250 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000100060490 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 00000001000604a0 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000100060300 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000100060360 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 00000001000602a0 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 00000001000602c0 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000100060380 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000100060340 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000100060440 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000100060260 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000100060270 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000100060400 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 00000001000601f0 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000100060210 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000100060200 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000100060420 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000100060430 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000100060220 .text C:\Windows\system32\DllHost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000100060280 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\wbem\unsecapp.exe[3656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\system32\wbem\wmiprvse.exe[6096] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe[7692] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[9248] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000100070460 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000100070450 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000100070370 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000100070470 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 00000001000703e0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000100070320 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 00000001000703b0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000100070390 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 00000001000702d0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000100070310 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 00000001000703c0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000100070230 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000100070480 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000100070350 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000100070290 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000100070330 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000100070410 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000100070240 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000100070250 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000100070490 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 00000001000702a0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 00000001000702c0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000100070440 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000100070260 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000100070270 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000100070400 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000100070210 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000100070200 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000100070420 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000100070430 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\Sony\VAIO Update 5\VUAgent.exe[9508] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[4600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b61465 2 bytes [B6, 76] .text C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[4600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b614bb 2 bytes [B6, 76] .text ... * 2 .text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[9692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b61465 2 bytes [B6, 76] .text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[9692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b614bb 2 bytes [B6, 76] .text ... * 2 .text C:\Program Files (x86)\Dynamo Combo\updateDynamoCombo.exe[7504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b61465 2 bytes [B6, 76] .text C:\Program Files (x86)\Dynamo Combo\updateDynamoCombo.exe[7504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b614bb 2 bytes [B6, 76] .text ... * 2 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\System32\vds.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\system32\wuauclt.exe[8512] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077971360 5 bytes JMP 0000000077ad0460 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000779713b0 5 bytes JMP 0000000077ad0450 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077971510 5 bytes JMP 0000000077ad0370 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077971560 5 bytes JMP 0000000077ad0470 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 0000000077ad03e0 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077971620 5 bytes JMP 0000000077ad0320 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077971650 5 bytes JMP 0000000077ad03b0 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077971670 5 bytes JMP 0000000077ad0390 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000779716b0 5 bytes JMP 0000000077ad02e0 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077971730 5 bytes JMP 0000000077ad02d0 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077971750 5 bytes JMP 0000000077ad0310 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077971790 5 bytes JMP 0000000077ad03c0 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000779717e0 5 bytes JMP 0000000077ad03f0 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077971940 5 bytes JMP 0000000077ad0230 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077971b00 5 bytes JMP 0000000077ad0480 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077971b30 5 bytes JMP 0000000077ad03a0 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077971c10 5 bytes JMP 0000000077ad02f0 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077971c20 5 bytes JMP 0000000077ad0350 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077971c80 5 bytes JMP 0000000077ad0290 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077971d10 5 bytes JMP 0000000077ad02b0 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077971d30 5 bytes JMP 0000000077ad03d0 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077971d40 5 bytes JMP 0000000077ad0330 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077971db0 5 bytes JMP 0000000077ad0410 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077971de0 5 bytes JMP 0000000077ad0240 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779720a0 5 bytes JMP 0000000077ad01e0 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077972160 5 bytes JMP 0000000077ad0250 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077972190 5 bytes JMP 0000000077ad0490 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779721a0 5 bytes JMP 0000000077ad04a0 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779721d0 5 bytes JMP 0000000077ad0300 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779721e0 5 bytes JMP 0000000077ad0360 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077972240 5 bytes JMP 0000000077ad02a0 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077972290 5 bytes JMP 0000000077ad02c0 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779722c0 5 bytes JMP 0000000077ad0380 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779722d0 5 bytes JMP 0000000077ad0340 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779725c0 5 bytes JMP 0000000077ad0440 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000779727c0 5 bytes JMP 0000000077ad0260 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000779727d0 5 bytes JMP 0000000077ad0270 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 0000000077ad0400 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000779729a0 5 bytes JMP 0000000077ad01f0 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000779729b0 5 bytes JMP 0000000077ad0210 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077972a20 5 bytes JMP 0000000077ad0200 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077972a80 5 bytes JMP 0000000077ad0420 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077972a90 5 bytes JMP 0000000077ad0430 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077972aa0 5 bytes JMP 0000000077ad0220 .text C:\Windows\system32\DllHost.exe[5052] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077972b80 5 bytes JMP 0000000077ad0280 .text C:\Program Files (x86)\Dynamo Combo\bin\utilDynamoCombo.exe[10176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b61465 2 bytes [B6, 76] .text C:\Program Files (x86)\Dynamo Combo\bin\utilDynamoCombo.exe[10176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b614bb 2 bytes [B6, 76] .text ... * 2 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\mfevtps.exe[3156] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA] [13fc0bbb0] C:\Windows\system32\mfevtps.exe ---- Processes - GMER 2.1 ---- Process C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (*** suspicious ***) @ C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [2712] (WindowsProtectManger Service/Fuyu LIMITED)(2015-01-11 22:43:03) 0000000000f40000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\642737a5a7dc Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\642737a5a7dc@10683f0f67b3 0x75 0x76 0xD6 0x61 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\642737a5a7dc@f41ba1d212b7 0x0D 0x77 0x01 0x33 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\642737a5a7dc (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\642737a5a7dc@10683f0f67b3 0x75 0x76 0xD6 0x61 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\642737a5a7dc@f41ba1d212b7 0x0D 0x77 0x01 0x33 ... ---- EOF - GMER 2.1 ----