GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-08-04 19:00:07 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T0L0-1 SAMSUNG_HD322HJ rev.1AC01118 298,09GB Running: m3bc3qvp.exe; Driver: C:\Users\Fig\AppData\Local\Temp\ufddypow.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9bbe0 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9bc30 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9bd90 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9bde0 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9bdf0 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9bea0 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9bed0 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9bef0 1 byte JMP 0000000076f00380 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000076d9bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9bf30 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9bfb0 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9bfd0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9c010 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9c050 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9c060 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9c1c0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9c380 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9c3b0 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9c490 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9c4a0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9c500 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9c590 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9c5b0 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9c5c0 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9c630 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9c660 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9c800 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9c920 5 bytes JMP 0000000076f001d0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9c9e0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9ca10 5 bytes JMP 0000000076f004b0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9ca20 5 bytes JMP 0000000076f004c0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9ca50 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9ca60 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9cac0 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9cb10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9cb40 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9cb50 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ce40 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9cfa0 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9d040 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9d050 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9d060 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9d220 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9d230 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9d2a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9d300 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9d310 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9d320 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9d400 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9bbe0 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9bc30 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9bd90 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9bde0 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9bdf0 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9bea0 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9bed0 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9bef0 1 byte JMP 0000000076f00380 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000076d9bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9bf30 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9bfb0 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9bfd0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9c010 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9c050 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9c060 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9c1c0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9c380 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9c3b0 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9c490 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9c4a0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9c500 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9c590 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9c5b0 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9c5c0 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9c630 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9c660 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9c800 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9c920 5 bytes JMP 0000000076f001d0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9c9e0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9ca10 5 bytes JMP 0000000076f004b0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9ca20 5 bytes JMP 0000000076f004c0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9ca50 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9ca60 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9cac0 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9cb10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9cb40 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9cb50 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ce40 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9cfa0 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9d040 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9d050 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9d060 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9d220 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9d230 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9d2a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9d300 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9d310 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9d320 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9d400 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9bbe0 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9bc30 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9bd90 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9bde0 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9bdf0 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9bea0 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9bed0 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9bef0 1 byte JMP 0000000076f00380 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000076d9bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9bf30 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9bfb0 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9bfd0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9c010 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9c050 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9c060 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9c1c0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9c380 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9c3b0 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9c490 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9c4a0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9c500 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9c590 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9c5b0 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9c5c0 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9c630 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9c660 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9c800 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9c920 5 bytes JMP 0000000076f001d0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9c9e0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9ca10 5 bytes JMP 0000000076f004b0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9ca20 5 bytes JMP 0000000076f004c0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9ca50 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9ca60 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9cac0 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9cb10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9cb40 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9cb50 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ce40 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9cfa0 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9d040 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9d050 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9d060 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9d220 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9d230 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9d2a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9d300 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9d310 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9d320 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9d400 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9bbe0 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9bc30 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9bd90 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9bde0 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9bdf0 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9bea0 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9bed0 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9bef0 1 byte JMP 0000000076f00380 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000076d9bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9bf30 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9bfb0 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9bfd0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9c010 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9c050 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9c060 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9c1c0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9c380 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9c3b0 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9c490 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9c4a0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9c500 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9c590 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9c5b0 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9c5c0 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9c630 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9c660 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9c800 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9c920 5 bytes JMP 0000000076f001d0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9c9e0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9ca10 5 bytes JMP 0000000076f004b0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9ca20 5 bytes JMP 0000000076f004c0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9ca50 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9ca60 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9cac0 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9cb10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9cb40 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9cb50 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ce40 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9cfa0 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9d040 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9d050 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9d060 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9d220 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9d230 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9d2a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9d300 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9d310 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9d320 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\svchost.exe[956] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9d400 5 bytes JMP 0000000076f00270 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9bbe0 5 bytes JMP 0000000076f00480 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9bc30 5 bytes JMP 0000000076f00470 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9bd90 5 bytes JMP 0000000076f00360 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9bde0 5 bytes JMP 0000000076f00490 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9bdf0 5 bytes JMP 0000000076f003d0 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9bea0 5 bytes JMP 0000000076f00310 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9bed0 5 bytes JMP 0000000076f003a0 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9bef0 1 byte JMP 0000000076f00380 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000076d9bef2 3 bytes {JMP 0x164490} .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9bf30 5 bytes JMP 0000000076f002d0 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9bfb0 5 bytes JMP 0000000076f002c0 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9bfd0 5 bytes JMP 0000000076f00300 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9c010 5 bytes JMP 0000000076f003b0 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9c050 5 bytes JMP 0000000076f00440 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9c060 5 bytes JMP 0000000076f003e0 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9c1c0 5 bytes JMP 0000000076f00220 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9c380 5 bytes JMP 0000000076f004a0 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9c3b0 5 bytes JMP 0000000076f00390 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9c490 5 bytes JMP 0000000076f002e0 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9c4a0 5 bytes JMP 0000000076f00340 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9c500 5 bytes JMP 0000000076f00280 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9c590 5 bytes JMP 0000000076f002a0 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9c5b0 5 bytes JMP 0000000076f003c0 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9c5c0 5 bytes JMP 0000000076f00320 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9c630 5 bytes JMP 0000000076f00410 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9c660 5 bytes JMP 0000000076f00230 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9c800 5 bytes JMP 0000000076f003f0 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9c920 5 bytes JMP 0000000076f001d0 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9c9e0 5 bytes JMP 0000000076f00240 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9ca10 5 bytes JMP 0000000076f004b0 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9ca20 5 bytes JMP 0000000076f004c0 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9ca50 5 bytes JMP 0000000076f002f0 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9ca60 5 bytes JMP 0000000076f00350 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9cac0 5 bytes JMP 0000000076f00290 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9cb10 5 bytes JMP 0000000076f002b0 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9cb40 5 bytes JMP 0000000076f00370 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9cb50 5 bytes JMP 0000000076f00330 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ce40 5 bytes JMP 0000000076f00460 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9cfa0 5 bytes JMP 0000000076f00420 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9d040 5 bytes JMP 0000000076f00250 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9d050 5 bytes JMP 0000000076f00260 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9d060 5 bytes JMP 0000000076f00400 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9d220 5 bytes JMP 0000000076f001e0 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9d230 5 bytes JMP 0000000076f00200 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9d2a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9d300 5 bytes JMP 0000000076f00430 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9d310 5 bytes JMP 0000000076f00450 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9d320 5 bytes JMP 0000000076f00210 .text C:\Windows\System32\svchost.exe[208] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9d400 5 bytes JMP 0000000076f00270 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9bbe0 5 bytes JMP 0000000000070480 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9bc30 5 bytes JMP 0000000000070470 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9bd90 5 bytes JMP 0000000000070360 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9bde0 5 bytes JMP 0000000000070490 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9bdf0 5 bytes JMP 00000000000703d0 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9bea0 5 bytes JMP 0000000000070310 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9bed0 5 bytes JMP 00000000000703a0 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9bef0 1 byte JMP 0000000000070380 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000076d9bef2 3 bytes {JMP 0xffffffff892d4490} .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9bf30 5 bytes JMP 00000000000702d0 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9bfb0 5 bytes JMP 00000000000702c0 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9bfd0 5 bytes JMP 0000000000070300 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9c010 5 bytes JMP 00000000000703b0 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9c050 5 bytes JMP 0000000000070440 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9c060 5 bytes JMP 00000000000703e0 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9c1c0 5 bytes JMP 0000000000070220 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9c380 5 bytes JMP 00000000000704a0 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9c3b0 5 bytes JMP 0000000000070390 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9c490 5 bytes JMP 00000000000702e0 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9c4a0 5 bytes JMP 0000000000070340 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9c500 5 bytes JMP 0000000000070280 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9c590 5 bytes JMP 00000000000702a0 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9c5b0 5 bytes JMP 00000000000703c0 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9c5c0 5 bytes JMP 0000000000070320 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9c630 5 bytes JMP 0000000000070410 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9c660 5 bytes JMP 0000000000070230 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9c800 5 bytes JMP 00000000000703f0 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9c920 5 bytes JMP 00000000000701d0 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9c9e0 5 bytes JMP 0000000000070240 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9ca10 5 bytes JMP 00000000000704b0 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9ca20 5 bytes JMP 00000000000704c0 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9ca50 5 bytes JMP 00000000000702f0 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9ca60 5 bytes JMP 0000000000070350 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9cac0 5 bytes JMP 0000000000070290 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9cb10 5 bytes JMP 00000000000702b0 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9cb40 5 bytes JMP 0000000000070370 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9cb50 5 bytes JMP 0000000000070330 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ce40 5 bytes JMP 0000000000070460 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9cfa0 5 bytes JMP 0000000000070420 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9d040 5 bytes JMP 0000000000070250 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9d050 5 bytes JMP 0000000000070260 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9d060 5 bytes JMP 0000000000070400 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9d220 5 bytes JMP 00000000000701e0 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9d230 5 bytes JMP 0000000000070200 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9d2a0 5 bytes JMP 00000000000701f0 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9d300 5 bytes JMP 0000000000070430 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9d310 5 bytes JMP 0000000000070450 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9d320 5 bytes JMP 0000000000070210 .text C:\Windows\System32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9d400 5 bytes JMP 0000000000070270 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9bbe0 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9bc30 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9bd90 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9bde0 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9bdf0 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9bea0 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9bed0 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9bef0 1 byte JMP 0000000076f00380 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000076d9bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9bf30 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9bfb0 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9bfd0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9c010 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9c050 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9c060 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9c1c0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9c380 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9c3b0 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9c490 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9c4a0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9c500 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9c590 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9c5b0 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9c5c0 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9c630 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9c660 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9c800 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9c920 5 bytes JMP 0000000076f001d0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9c9e0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9ca10 5 bytes JMP 0000000076f004b0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9ca20 5 bytes JMP 0000000076f004c0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9ca50 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9ca60 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9cac0 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9cb10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9cb40 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9cb50 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ce40 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9cfa0 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9d040 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9d050 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9d060 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9d220 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9d230 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9d2a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9d300 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9d310 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9d320 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\svchost.exe[972] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9d400 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9bbe0 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9bc30 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9bd90 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9bde0 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9bdf0 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9bea0 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9bed0 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9bef0 1 byte JMP 0000000076f00380 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000076d9bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9bf30 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9bfb0 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9bfd0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9c010 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9c050 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9c060 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9c1c0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9c380 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9c3b0 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9c490 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9c4a0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9c500 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9c590 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9c5b0 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9c5c0 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9c630 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9c660 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9c800 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9c920 5 bytes JMP 0000000076f001d0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9c9e0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9ca10 5 bytes JMP 0000000076f004b0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9ca20 5 bytes JMP 0000000076f004c0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9ca50 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9ca60 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9cac0 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9cb10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9cb40 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9cb50 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ce40 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9cfa0 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9d040 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9d050 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9d060 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9d220 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9d230 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9d2a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9d300 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9d310 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9d320 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9d400 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9bbe0 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9bc30 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9bd90 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9bde0 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9bdf0 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9bea0 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9bed0 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9bef0 1 byte JMP 0000000076f00380 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000076d9bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9bf30 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9bfb0 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9bfd0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9c010 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9c050 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9c060 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9c1c0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9c380 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9c3b0 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9c490 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9c4a0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9c500 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9c590 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9c5b0 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9c5c0 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9c630 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9c660 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9c800 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9c920 5 bytes JMP 0000000076f001d0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9c9e0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9ca10 5 bytes JMP 0000000076f004b0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9ca20 5 bytes JMP 0000000076f004c0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9ca50 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9ca60 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9cac0 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9cb10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9cb40 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9cb50 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ce40 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9cfa0 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9d040 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9d050 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9d060 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9d220 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9d230 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9d2a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9d300 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9d310 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9d320 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9d400 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9bbe0 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9bc30 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9bd90 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9bde0 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9bdf0 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9bea0 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9bed0 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9bef0 1 byte JMP 0000000076f00380 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000076d9bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9bf30 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9bfb0 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9bfd0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9c010 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9c050 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9c060 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9c1c0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9c380 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9c3b0 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9c490 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9c4a0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9c500 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9c590 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9c5b0 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9c5c0 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9c630 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9c660 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9c800 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9c920 5 bytes JMP 0000000076f001d0 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9c9e0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9ca10 5 bytes JMP 0000000076f004b0 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9ca20 5 bytes JMP 0000000076f004c0 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9ca50 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9ca60 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9cac0 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9cb10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9cb40 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9cb50 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ce40 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9cfa0 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9d040 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9d050 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9d060 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9d220 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9d230 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9d2a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9d300 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9d310 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9d320 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\svchost.exe[1464] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9d400 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9bbe0 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9bc30 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9bd90 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9bde0 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9bdf0 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9bea0 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9bed0 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9bef0 1 byte JMP 0000000076f00380 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000076d9bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9bf30 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9bfb0 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9bfd0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9c010 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9c050 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9c060 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9c1c0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9c380 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9c3b0 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9c490 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9c4a0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9c500 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9c590 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9c5b0 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9c5c0 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9c630 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9c660 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9c800 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9c920 5 bytes JMP 0000000076f001d0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9c9e0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9ca10 5 bytes JMP 0000000076f004b0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9ca20 5 bytes JMP 0000000076f004c0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9ca50 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9ca60 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9cac0 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9cb10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9cb40 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9cb50 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ce40 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9cfa0 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9d040 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9d050 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9d060 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9d220 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9d230 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9d2a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9d300 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9d310 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9d320 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\Dwm.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9d400 5 bytes JMP 0000000076f00270 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9bbe0 5 bytes JMP 0000000000070480 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9bc30 5 bytes JMP 0000000000070470 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9bd90 5 bytes JMP 0000000000070360 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9bde0 5 bytes JMP 0000000000070490 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9bdf0 5 bytes JMP 00000000000703d0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9bea0 5 bytes JMP 0000000000070310 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9bed0 5 bytes JMP 00000000000703a0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9bef0 1 byte JMP 0000000000070380 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000076d9bef2 3 bytes {JMP 0xffffffff892d4490} .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9bf30 5 bytes JMP 00000000000702d0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9bfb0 5 bytes JMP 00000000000702c0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9bfd0 5 bytes JMP 0000000000070300 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9c010 5 bytes JMP 00000000000703b0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9c050 5 bytes JMP 0000000000070440 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9c060 5 bytes JMP 00000000000703e0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9c1c0 5 bytes JMP 0000000000070220 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9c380 5 bytes JMP 00000000000704a0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9c3b0 5 bytes JMP 0000000000070390 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9c490 5 bytes JMP 00000000000702e0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9c4a0 5 bytes JMP 0000000000070340 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9c500 5 bytes JMP 0000000000070280 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9c590 5 bytes JMP 00000000000702a0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9c5b0 5 bytes JMP 00000000000703c0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9c5c0 5 bytes JMP 0000000000070320 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9c630 5 bytes JMP 0000000000070410 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9c660 5 bytes JMP 0000000000070230 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9c800 5 bytes JMP 00000000000703f0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9c920 5 bytes JMP 00000000000701d0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9c9e0 5 bytes JMP 0000000000070240 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9ca10 5 bytes JMP 00000000000704b0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9ca20 5 bytes JMP 00000000000704c0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9ca50 5 bytes JMP 00000000000702f0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9ca60 5 bytes JMP 0000000000070350 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9cac0 5 bytes JMP 0000000000070290 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9cb10 5 bytes JMP 00000000000702b0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9cb40 5 bytes JMP 0000000000070370 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9cb50 5 bytes JMP 0000000000070330 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ce40 5 bytes JMP 0000000000070460 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9cfa0 5 bytes JMP 0000000000070420 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9d040 5 bytes JMP 0000000000070250 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9d050 5 bytes JMP 0000000000070260 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9d060 5 bytes JMP 0000000000070400 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9d220 5 bytes JMP 00000000000701e0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9d230 5 bytes JMP 0000000000070200 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9d2a0 5 bytes JMP 00000000000701f0 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9d300 5 bytes JMP 0000000000070430 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9d310 5 bytes JMP 0000000000070450 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9d320 5 bytes JMP 0000000000070210 .text C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9d400 5 bytes JMP 0000000000070270 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9bbe0 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9bc30 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9bd90 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9bde0 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9bdf0 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9bea0 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9bed0 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9bef0 1 byte JMP 0000000076f00380 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000076d9bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9bf30 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9bfb0 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9bfd0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9c010 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9c050 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9c060 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9c1c0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9c380 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9c3b0 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9c490 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9c4a0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9c500 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9c590 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9c5b0 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9c5c0 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9c630 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9c660 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9c800 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9c920 5 bytes JMP 0000000076f001d0 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9c9e0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9ca10 5 bytes JMP 0000000076f004b0 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9ca20 5 bytes JMP 0000000076f004c0 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9ca50 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9ca60 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9cac0 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9cb10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9cb40 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9cb50 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ce40 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9cfa0 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9d040 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9d050 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9d060 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9d220 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9d230 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9d2a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9d300 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9d310 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9d320 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\svchost.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9d400 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9bbe0 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9bc30 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9bd90 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9bde0 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9bdf0 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9bea0 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9bed0 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9bef0 1 byte JMP 0000000076f00380 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000076d9bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9bf30 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9bfb0 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9bfd0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9c010 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9c050 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9c060 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9c1c0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9c380 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9c3b0 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9c490 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9c4a0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9c500 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9c590 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9c5b0 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9c5c0 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9c630 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9c660 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9c800 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9c920 5 bytes JMP 0000000076f001d0 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9c9e0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9ca10 5 bytes JMP 0000000076f004b0 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9ca20 5 bytes JMP 0000000076f004c0 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9ca50 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9ca60 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9cac0 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9cb10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9cb40 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9cb50 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ce40 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9cfa0 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9d040 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9d050 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9d060 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9d220 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9d230 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9d2a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9d300 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9d310 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9d320 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9d400 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9bbe0 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9bc30 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9bd90 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9bde0 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9bdf0 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9bea0 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9bed0 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9bef0 1 byte JMP 0000000076f00380 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000076d9bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9bf30 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9bfb0 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9bfd0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9c010 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9c050 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9c060 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9c1c0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9c380 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9c3b0 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9c490 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9c4a0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9c500 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9c590 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9c5b0 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9c5c0 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9c630 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9c660 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9c800 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9c920 5 bytes JMP 0000000076f001d0 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9c9e0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9ca10 5 bytes JMP 0000000076f004b0 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9ca20 5 bytes JMP 0000000076f004c0 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9ca50 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9ca60 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9cac0 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9cb10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9cb40 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9cb50 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ce40 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9cfa0 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9d040 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9d050 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9d060 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9d220 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9d230 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9d2a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9d300 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9d310 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9d320 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\taskeng.exe[2120] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9d400 5 bytes JMP 0000000076f00270 .text C:\Program Files\AVAST Software\Avast\avastui.exe[2372] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076a38791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9bbe0 5 bytes JMP 0000000076f00480 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9bc30 5 bytes JMP 0000000076f00470 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9bd90 5 bytes JMP 0000000076f00360 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9bde0 5 bytes JMP 0000000076f00490 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9bdf0 5 bytes JMP 0000000076f003d0 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9bea0 5 bytes JMP 0000000076f00310 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9bed0 5 bytes JMP 0000000076f003a0 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9bef0 1 byte JMP 0000000076f00380 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000076d9bef2 3 bytes {JMP 0x164490} .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9bf30 5 bytes JMP 0000000076f002d0 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9bfb0 5 bytes JMP 0000000076f002c0 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9bfd0 5 bytes JMP 0000000076f00300 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9c010 5 bytes JMP 0000000076f003b0 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9c050 5 bytes JMP 0000000076f00440 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9c060 5 bytes JMP 0000000076f003e0 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9c1c0 5 bytes JMP 0000000076f00220 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9c380 5 bytes JMP 0000000076f004a0 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9c3b0 5 bytes JMP 0000000076f00390 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9c490 5 bytes JMP 0000000076f002e0 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9c4a0 5 bytes JMP 0000000076f00340 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9c500 5 bytes JMP 0000000076f00280 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9c590 5 bytes JMP 0000000076f002a0 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9c5b0 5 bytes JMP 0000000076f003c0 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9c5c0 5 bytes JMP 0000000076f00320 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9c630 5 bytes JMP 0000000076f00410 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9c660 5 bytes JMP 0000000076f00230 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9c800 5 bytes JMP 0000000076f003f0 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9c920 5 bytes JMP 0000000076f001d0 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9c9e0 5 bytes JMP 0000000076f00240 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9ca10 5 bytes JMP 0000000076f004b0 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9ca20 5 bytes JMP 0000000076f004c0 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9ca50 5 bytes JMP 0000000076f002f0 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9ca60 5 bytes JMP 0000000076f00350 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9cac0 5 bytes JMP 0000000076f00290 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9cb10 5 bytes JMP 0000000076f002b0 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9cb40 5 bytes JMP 0000000076f00370 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9cb50 5 bytes JMP 0000000076f00330 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ce40 5 bytes JMP 0000000076f00460 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9cfa0 5 bytes JMP 0000000076f00420 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9d040 5 bytes JMP 0000000076f00250 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9d050 5 bytes JMP 0000000076f00260 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9d060 5 bytes JMP 0000000076f00400 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9d220 5 bytes JMP 0000000076f001e0 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9d230 5 bytes JMP 0000000076f00200 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9d2a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9d300 5 bytes JMP 0000000076f00430 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9d310 5 bytes JMP 0000000076f00450 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9d320 5 bytes JMP 0000000076f00210 .text C:\Windows\System32\svchost.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9d400 5 bytes JMP 0000000076f00270 .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000072de17fa 2 bytes CALL 76a311a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000072de1860 2 bytes CALL 76a311a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000072de1942 2 bytes JMP 74df7089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000072de194d 2 bytes JMP 74dfcba6 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074dd1401 2 bytes JMP 76a5b263 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074dd1419 2 bytes JMP 76a5b38e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074dd1431 2 bytes JMP 76ad90f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074dd144a 2 bytes CALL 76a348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074dd14dd 2 bytes JMP 76ad89ea C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074dd14f5 2 bytes JMP 76ad8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074dd150d 2 bytes JMP 76ad88e0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074dd1525 2 bytes JMP 76ad8caa C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074dd153d 2 bytes JMP 76a4fce8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074dd1555 2 bytes JMP 76a56937 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074dd156d 2 bytes JMP 76ad91a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074dd1585 2 bytes JMP 76ad8d0a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074dd159d 2 bytes JMP 76ad88a4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074dd15b5 2 bytes JMP 76a4fd81 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074dd15cd 2 bytes JMP 76a5b324 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074dd16b2 2 bytes JMP 76ad906c C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074dd16bd 2 bytes JMP 76ad8839 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9bbe0 5 bytes JMP 0000000000070480 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9bc30 5 bytes JMP 0000000000070470 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9bd90 5 bytes JMP 0000000000070360 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9bde0 5 bytes JMP 0000000000070490 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9bdf0 5 bytes JMP 00000000000703d0 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9bea0 5 bytes JMP 0000000000070310 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9bed0 5 bytes JMP 00000000000703a0 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9bef0 1 byte JMP 0000000000070380 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000076d9bef2 3 bytes {JMP 0xffffffff892d4490} .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9bf30 5 bytes JMP 00000000000702d0 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9bfb0 5 bytes JMP 00000000000702c0 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9bfd0 5 bytes JMP 0000000000070300 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9c010 5 bytes JMP 00000000000703b0 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9c050 5 bytes JMP 0000000000070440 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9c060 5 bytes JMP 00000000000703e0 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9c1c0 5 bytes JMP 0000000000070220 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9c380 5 bytes JMP 00000000000704a0 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9c3b0 5 bytes JMP 0000000000070390 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9c490 5 bytes JMP 00000000000702e0 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9c4a0 5 bytes JMP 0000000000070340 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9c500 5 bytes JMP 0000000000070280 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9c590 5 bytes JMP 00000000000702a0 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9c5b0 5 bytes JMP 00000000000703c0 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9c5c0 5 bytes JMP 0000000000070320 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9c630 5 bytes JMP 0000000000070410 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9c660 5 bytes JMP 0000000000070230 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9c800 5 bytes JMP 00000000000703f0 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9c920 5 bytes JMP 00000000000701d0 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9c9e0 5 bytes JMP 0000000000070240 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9ca10 5 bytes JMP 00000000000704b0 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9ca20 5 bytes JMP 00000000000704c0 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9ca50 5 bytes JMP 00000000000702f0 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9ca60 5 bytes JMP 0000000000070350 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9cac0 5 bytes JMP 0000000000070290 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9cb10 5 bytes JMP 00000000000702b0 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9cb40 5 bytes JMP 0000000000070370 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9cb50 5 bytes JMP 0000000000070330 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ce40 5 bytes JMP 0000000000070460 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9cfa0 5 bytes JMP 0000000000070420 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9d040 5 bytes JMP 0000000000070250 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9d050 5 bytes JMP 0000000000070260 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9d060 5 bytes JMP 0000000000070400 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9d220 5 bytes JMP 00000000000701e0 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9d230 5 bytes JMP 0000000000070200 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9d2a0 5 bytes JMP 00000000000701f0 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9d300 5 bytes JMP 0000000000070430 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9d310 5 bytes JMP 0000000000070450 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9d320 5 bytes JMP 0000000000070210 .text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9d400 5 bytes JMP 0000000000070270 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9bbe0 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9bc30 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9bd90 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9bde0 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9bdf0 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9bea0 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9bed0 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9bef0 1 byte JMP 0000000076f00380 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000076d9bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9bf30 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9bfb0 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9bfd0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9c010 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9c050 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9c060 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9c1c0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9c380 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9c3b0 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9c490 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9c4a0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9c500 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9c590 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9c5b0 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9c5c0 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9c630 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9c660 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9c800 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9c920 5 bytes JMP 0000000076f001d0 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9c9e0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9ca10 5 bytes JMP 0000000076f004b0 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9ca20 5 bytes JMP 0000000076f004c0 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9ca50 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9ca60 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9cac0 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9cb10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9cb40 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9cb50 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ce40 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9cfa0 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9d040 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9d050 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9d060 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9d220 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9d230 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9d2a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9d300 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9d310 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9d320 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\svchost.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9d400 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9bbe0 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9bc30 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9bd90 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9bde0 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9bdf0 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9bea0 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9bed0 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9bef0 1 byte JMP 0000000076f00380 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000076d9bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9bf30 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9bfb0 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9bfd0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9c010 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9c050 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9c060 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9c1c0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9c380 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9c3b0 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9c490 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9c4a0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9c500 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9c590 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9c5b0 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9c5c0 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9c630 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9c660 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9c800 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9c920 5 bytes JMP 0000000076f001d0 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9c9e0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9ca10 5 bytes JMP 0000000076f004b0 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9ca20 5 bytes JMP 0000000076f004c0 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9ca50 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9ca60 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9cac0 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9cb10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9cb40 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9cb50 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ce40 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9cfa0 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9d040 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9d050 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9d060 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9d220 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9d230 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9d2a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9d300 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9d310 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9d320 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\svchost.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9d400 5 bytes JMP 0000000076f00270 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9bbe0 5 bytes JMP 0000000076f00480 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9bc30 5 bytes JMP 0000000076f00470 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9bd90 5 bytes JMP 0000000076f00360 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9bde0 5 bytes JMP 0000000076f00490 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9bdf0 5 bytes JMP 0000000076f003d0 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9bea0 5 bytes JMP 0000000076f00310 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9bed0 5 bytes JMP 0000000076f003a0 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9bef0 1 byte JMP 0000000076f00380 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000076d9bef2 3 bytes {JMP 0x164490} .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9bf30 5 bytes JMP 0000000076f002d0 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9bfb0 5 bytes JMP 0000000076f002c0 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9bfd0 5 bytes JMP 0000000076f00300 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9c010 5 bytes JMP 0000000076f003b0 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9c050 5 bytes JMP 0000000076f00440 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9c060 5 bytes JMP 0000000076f003e0 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9c1c0 5 bytes JMP 0000000076f00220 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9c380 5 bytes JMP 0000000076f004a0 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9c3b0 5 bytes JMP 0000000076f00390 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9c490 5 bytes JMP 0000000076f002e0 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9c4a0 5 bytes JMP 0000000076f00340 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9c500 5 bytes JMP 0000000076f00280 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9c590 5 bytes JMP 0000000076f002a0 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9c5b0 5 bytes JMP 0000000076f003c0 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9c5c0 5 bytes JMP 0000000076f00320 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9c630 5 bytes JMP 0000000076f00410 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9c660 5 bytes JMP 0000000076f00230 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9c800 5 bytes JMP 0000000076f003f0 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9c920 5 bytes JMP 0000000076f001d0 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9c9e0 5 bytes JMP 0000000076f00240 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9ca10 5 bytes JMP 0000000076f004b0 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9ca20 5 bytes JMP 0000000076f004c0 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9ca50 5 bytes JMP 0000000076f002f0 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9ca60 5 bytes JMP 0000000076f00350 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9cac0 5 bytes JMP 0000000076f00290 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9cb10 5 bytes JMP 0000000076f002b0 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9cb40 5 bytes JMP 0000000076f00370 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9cb50 5 bytes JMP 0000000076f00330 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ce40 5 bytes JMP 0000000076f00460 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9cfa0 5 bytes JMP 0000000076f00420 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9d040 5 bytes JMP 0000000076f00250 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9d050 5 bytes JMP 0000000076f00260 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9d060 5 bytes JMP 0000000076f00400 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9d220 5 bytes JMP 0000000076f001e0 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9d230 5 bytes JMP 0000000076f00200 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9d2a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9d300 5 bytes JMP 0000000076f00430 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9d310 5 bytes JMP 0000000076f00450 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9d320 5 bytes JMP 0000000076f00210 .text C:\Windows\System32\svchost.exe[4772] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9d400 5 bytes JMP 0000000076f00270 .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074dd1401 2 bytes JMP 76a5b263 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe[4340] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074dd1419 2 bytes JMP 76a5b38e C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074dd1431 2 bytes JMP 76ad90f1 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074dd144a 2 bytes CALL 76a348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe[4340] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074dd14dd 2 bytes JMP 76ad89ea C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074dd14f5 2 bytes JMP 76ad8bc0 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe[4340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074dd150d 2 bytes JMP 76ad88e0 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074dd1525 2 bytes JMP 76ad8caa C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074dd153d 2 bytes JMP 76a4fce8 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe[4340] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074dd1555 2 bytes JMP 76a56937 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074dd156d 2 bytes JMP 76ad91a9 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074dd1585 2 bytes JMP 76ad8d0a C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe[4340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074dd159d 2 bytes JMP 76ad88a4 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074dd15b5 2 bytes JMP 76a4fd81 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074dd15cd 2 bytes JMP 76a5b324 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074dd16b2 2 bytes JMP 76ad906c C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074dd16bd 2 bytes JMP 76ad8839 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9bbe0 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9bc30 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9bd90 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9bde0 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9bdf0 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9bea0 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9bed0 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9bef0 1 byte JMP 0000000076f00380 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000076d9bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9bf30 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9bfb0 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9bfd0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9c010 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9c050 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9c060 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9c1c0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9c380 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9c3b0 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9c490 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9c4a0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9c500 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9c590 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9c5b0 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9c5c0 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9c630 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9c660 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9c800 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9c920 5 bytes JMP 0000000076f001d0 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9c9e0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9ca10 5 bytes JMP 0000000076f004b0 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9ca20 5 bytes JMP 0000000076f004c0 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9ca50 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9ca60 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9cac0 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9cb10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9cb40 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9cb50 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ce40 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9cfa0 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9d040 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9d050 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9d060 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9d220 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9d230 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9d2a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9d300 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9d310 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9d320 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\DllHost.exe[4700] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9d400 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9bbe0 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9bc30 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9bd90 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9bde0 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9bdf0 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9bea0 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9bed0 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9bef0 1 byte JMP 0000000076f00380 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000076d9bef2 3 bytes {JMP 0x164490} .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9bf30 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9bfb0 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9bfd0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9c010 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9c050 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9c060 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9c1c0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9c380 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9c3b0 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9c490 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9c4a0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9c500 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9c590 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9c5b0 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9c5c0 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9c630 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9c660 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9c800 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9c920 5 bytes JMP 0000000076f001d0 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9c9e0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9ca10 5 bytes JMP 0000000076f004b0 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9ca20 5 bytes JMP 0000000076f004c0 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9ca50 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9ca60 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9cac0 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9cb10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9cb40 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9cb50 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ce40 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9cfa0 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9d040 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9d050 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9d060 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9d220 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9d230 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9d2a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9d300 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9d310 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9d320 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\wbem\wmiprvse.exe[5156] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9d400 5 bytes JMP 0000000076f00270 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074dd1401 2 bytes JMP 76a5b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4624] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074dd1419 2 bytes JMP 76a5b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074dd1431 2 bytes JMP 76ad90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074dd144a 2 bytes CALL 76a348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4624] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074dd14dd 2 bytes JMP 76ad89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074dd14f5 2 bytes JMP 76ad8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4624] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074dd150d 2 bytes JMP 76ad88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074dd1525 2 bytes JMP 76ad8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074dd153d 2 bytes JMP 76a4fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4624] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074dd1555 2 bytes JMP 76a56937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074dd156d 2 bytes JMP 76ad91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074dd1585 2 bytes JMP 76ad8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4624] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074dd159d 2 bytes JMP 76ad88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074dd15b5 2 bytes JMP 76a4fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074dd15cd 2 bytes JMP 76a5b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074dd16b2 2 bytes JMP 76ad906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074dd16bd 2 bytes JMP 76ad8839 C:\Windows\syswow64\kernel32.dll .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d9bbe0 5 bytes JMP 0000000000070480 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d9bc30 5 bytes JMP 0000000000070470 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d9bd90 5 bytes JMP 0000000000070360 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d9bde0 5 bytes JMP 0000000000070490 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d9bdf0 5 bytes JMP 00000000000703d0 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d9bea0 5 bytes JMP 0000000000070310 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d9bed0 5 bytes JMP 00000000000703a0 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d9bef0 1 byte JMP 0000000000070380 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 2 0000000076d9bef2 3 bytes {JMP 0xffffffff892d4490} .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d9bf30 5 bytes JMP 00000000000702d0 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d9bfb0 5 bytes JMP 00000000000702c0 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d9bfd0 5 bytes JMP 0000000000070300 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d9c010 5 bytes JMP 00000000000703b0 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d9c050 5 bytes JMP 0000000000070440 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d9c060 5 bytes JMP 00000000000703e0 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d9c1c0 5 bytes JMP 0000000000070220 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d9c380 5 bytes JMP 00000000000704a0 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d9c3b0 5 bytes JMP 0000000000070390 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d9c490 5 bytes JMP 00000000000702e0 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d9c4a0 5 bytes JMP 0000000000070340 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d9c500 5 bytes JMP 0000000000070280 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d9c590 5 bytes JMP 00000000000702a0 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d9c5b0 5 bytes JMP 00000000000703c0 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d9c5c0 5 bytes JMP 0000000000070320 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d9c630 5 bytes JMP 0000000000070410 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d9c660 5 bytes JMP 0000000000070230 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d9c800 5 bytes JMP 00000000000703f0 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d9c920 5 bytes JMP 00000000000701d0 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d9c9e0 5 bytes JMP 0000000000070240 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d9ca10 5 bytes JMP 00000000000704b0 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d9ca20 5 bytes JMP 00000000000704c0 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d9ca50 5 bytes JMP 00000000000702f0 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d9ca60 5 bytes JMP 0000000000070350 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d9cac0 5 bytes JMP 0000000000070290 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d9cb10 5 bytes JMP 00000000000702b0 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d9cb40 5 bytes JMP 0000000000070370 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d9cb50 5 bytes JMP 0000000000070330 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d9ce40 5 bytes JMP 0000000000070460 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d9cfa0 5 bytes JMP 0000000000070420 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d9d040 5 bytes JMP 0000000000070250 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d9d050 5 bytes JMP 0000000000070260 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d9d060 5 bytes JMP 0000000000070400 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d9d220 5 bytes JMP 00000000000701e0 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d9d230 5 bytes JMP 0000000000070200 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d9d2a0 5 bytes JMP 00000000000701f0 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d9d300 5 bytes JMP 0000000000070430 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d9d310 5 bytes JMP 0000000000070450 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d9d320 5 bytes JMP 0000000000070210 .text C:\Windows\System32\svchost.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d9d400 5 bytes JMP 0000000000070270 ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3384] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7feec28741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3384] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7feec285f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3384] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7feec285674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3384] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7feec285e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3384] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7feec287f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3384] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7feec286a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3384] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7feec286ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3384] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7feec287b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3384] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7feec287ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3384] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7feec2878b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3384] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7feec284fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3384] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7feec285d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3384] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7feec287584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- Threads - GMER 2.2 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4460:4964] 000007fefb302ae8 Thread C:\Windows\System32\svchost.exe [5796:2964] 000007fee02f9688 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\Instup_14672274844712272@SetupOperations ?????????????????????g???????????????????????????w???-?-?-?-?-?-?????-?-?-?-?-?-????\??\C:\pagefile.sys??????????????{???????????????????????-???F???,?,?-?-?-?sF7???????????A???????-?-?-?-?-?s?????????????-???????-?-?-?-?-?s?e???-?-?-?-?-?-?7???-?-?-?-?-?-?0???????????-???y???????s???????????????????????????0??????????????{00000000-0000-0000-FFFF-FFFFFFFFFFFF}??????????????????????\Device\LanmanRedirector????Microsoft Windows Network?????N??s?????????e????@%systemroot%\system32\wkssvc.dll,-102????????F??s??????????????%SystemRoot%\System32\ntlanman.dll???????s?s?s?s????? ???????s???????????s????????0?B??? ???????????? B??s??????????????%SystemRoot%\System32\wkssvc.dll?????s???????????????????????????????????????????????d???????????????????????e?????s?????t??????????????????????????????????????????ms???s?s?s?s?s?s???????s???s???s????????? ???????n?????s?????s????????&????????????????????????????????y????? ???????s???????????????????????????????g??? ???????n?????s???????,?????? ?`????????S???k?k?s?s?s?s?~??@%s Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\Instup_14672275254222272@SetupOperations ?????????????????????????????g???????????????????????????w???-?-?-?-?-?-?????-?-?-?-?-?-????\??\C:\pagefile.sys??????????????{???????????????????????-???F???,?,?-?-?-?sF7???????????A???????-?-?-?-?-?s?????????????-???????-?-?-?-?-?s?e???-?-?-?-?-?-?7???-?-?-?-?-?-?0???????????-???y???????s???????????????????????????0??????????????{00000000-0000-0000-FFFF-FFFFFFFFFFFF}??????????????????????\Device\LanmanRedirector????Microsoft Windows Network?????N??s?????????e????@%systemroot%\system32\wkssvc.dll,-102????????F??s??????????????%SystemRoot%\System32\ntlanman.dll???????s?s?s?s????? ???????s???????????s????????0?B??? ???????????? B??s??????????????%SystemRoot%\System32\wkssvc.dll?????s???????????????????????????????????????????????d???????????????????????e?????s?????t??????????????????????????????????????????ms???s?s?s?s?s?s???????s???s???s????????? ???????n?????s?????s????????&????????????????????????????????y????? ???????s???????????????????????????????g??? ???????n?????s???????,?????? ?`????????S???k?k?s?s?s? Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC5 0x90 0xDB 0x91 ... Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\Instup_14672274844712272@SetupOperations ????????Microsoft?????N??????s?????Dm3???????????e???h??????????????????????????????????Realtek HDA HDMI Out?E???????????????????d??storage\volume??????@input.inf,%stdmfg%;(Standard system devices)????????????????????????????????????????????????????{???????s??hid\vid_046d&pid_c24f&mi_00??????????????????????C??????eg???????????t?????sy????????????1??????????? ??????y?????y?e??Realtek HD Audio AUX input???+????????X?????????????? ??????????????????????????????N?????????????s?????Realtek HDA HDMI Out????LGBusEnum???? ????????????????????????"???????p?????????????t ??Realtek HD Audio Front Line input????????????????????????????????e??\F??v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=K:\Gry\Origin Games\Battlefield 3\bf3.exe|Name=Battlefield 3?|?D??f}\0004?????? ??????????????????aswHdsKe?????????????t???????o?o?o?o?o?o???o?o??????????@usb.inf,%generic.mfg%;(Standard USB Host Controller)???{17CCA71B-ECD7-11D0-B908-00A0C9223196}?lte??????????????????.c??????????????????????? ???????}????? Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\Instup_14672275254222272@SetupOperations ?????????????????D??\D??? ????????????????????????????????????????X?? ??????????????????????????????????????????? ????????????????????????????????????????(??????????&??V_????????$??????t??io???h?h?h?h?j?h?j?j?j??? h?? ????????????????????????????????????????????s9-0???????????????????s(??????????????????????????????9??????? ??????????????????????????????????&????????????????????1x?? ???????????????????????????????????????? ?????????????{1????(??????n??rk??{71a27cdd-812a-11d0-bec7-08002be2092f}\0012?c:????????????????X?{00000000-0000-0000-FFFF-FFFFFFFFFFFF}????????>?????????????input.inf:Standard.NTamd64:HID_Raw_Inst:6.1.7601.18199::hid_device_system_game??????@keyboard.inf,%hid.keyboarddevice%;HID Keyboard Device?ard??@keyboard.inf,%std-keyboards%;(Standard keyboards)?evi??????????????ev???????????N??BT???}?}?}???????????????????????{???u??? ???k????????????X?? ???????????????????????????????????????f??? n?????????????????HID_Keyboard_Inst????p?p?p?p?p?p?p?p?p?p?p ??????????_??00??HIDClass??8???????????????? Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC5 0x90 0xDB 0x91 ... ---- EOF - GMER 2.2 ----