GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-10-05 10:40:46 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\00000079 Crucial_ rev.MU01 119,24GB Running: gmer.exe; Driver: C:\Users\Remek\AppData\Local\Temp\uxldrpow.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f01360 5 bytes JMP 000000004a4e0480 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f013b0 5 bytes JMP 000000004a4e0470 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f01510 5 bytes JMP 000000004a4e0360 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f01560 5 bytes JMP 000000004a4e0490 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f01570 5 bytes JMP 000000004a4e03d0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f01620 5 bytes JMP 000000004a4e0310 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f01650 5 bytes JMP 000000004a4e03a0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f01670 5 bytes JMP 000000004a4e0380 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f016b0 5 bytes JMP 000000004a4e02d0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f01730 1 byte JMP 000000004a4e02c0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076f01732 3 bytes {JMP 0x5f} .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f01750 5 bytes JMP 000000004a4e0300 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f01790 5 bytes JMP 000000004a4e03b0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f017d0 5 bytes JMP 000000004a4e0440 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f017e0 5 bytes JMP 000000004a4e03e0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f01940 5 bytes JMP 000000004a4e0220 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f01b00 5 bytes JMP 000000004a4e04a0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f01b30 5 bytes JMP 000000004a4e0390 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f01c10 5 bytes JMP 000000004a4e02e0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f01c20 5 bytes JMP 000000004a4e0340 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f01c80 5 bytes JMP 000000004a4e0280 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f01d10 1 byte JMP 000000004a4e02a0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076f01d12 3 bytes {JMP 0xffffffffd35de590} .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f01d30 1 byte JMP 000000004a4e03c0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076f01d32 3 bytes {JMP 0xffffffffd35de690} .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f01d40 5 bytes JMP 000000004a4e0320 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f01db0 5 bytes JMP 000000004a4e0410 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f01de0 5 bytes JMP 000000004a4e0230 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f01f80 5 bytes JMP 000000004a4e03f0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f020a0 5 bytes JMP 000000004a4e01d0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f02160 5 bytes JMP 000000004a4e0240 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f02190 5 bytes JMP 000000004a4e04b0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f021a0 5 bytes JMP 000000004a4e04c0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f021d0 5 bytes JMP 000000004a4e02f0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f021e0 5 bytes JMP 000000004a4e0350 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f02240 5 bytes JMP 000000004a4e0290 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f02290 5 bytes JMP 000000004a4e02b0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f022c0 5 bytes JMP 000000004a4e0370 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f022d0 5 bytes JMP 000000004a4e0330 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f025c0 5 bytes JMP 000000004a4e0460 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076f02720 5 bytes JMP 000000004a4e0420 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f027c0 1 byte JMP 000000004a4e0250 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076f027c2 3 bytes {JMP 0xffffffffd35dda90} .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f027d0 1 byte JMP 000000004a4e0260 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076f027d2 3 bytes {JMP 0xffffffffd35dda90} .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f027e0 5 bytes JMP 000000004a4e0400 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f029a0 5 bytes JMP 000000004a4e01e0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f029b0 5 bytes JMP 000000004a4e0200 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f02a20 5 bytes JMP 000000004a4e01f0 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f02a80 5 bytes JMP 000000004a4e0430 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f02a90 5 bytes JMP 000000004a4e0450 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f02aa0 5 bytes JMP 000000004a4e0210 .text C:\Windows\system32\csrss.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f02b80 5 bytes JMP 000000004a4e0270 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f01360 5 bytes JMP 000000004a4e0480 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f013b0 5 bytes JMP 000000004a4e0470 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f01510 5 bytes JMP 000000004a4e0360 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f01560 5 bytes JMP 000000004a4e0490 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f01570 5 bytes JMP 000000004a4e03d0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f01620 5 bytes JMP 000000004a4e0310 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f01650 5 bytes JMP 000000004a4e03a0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f01670 5 bytes JMP 000000004a4e0380 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f016b0 5 bytes JMP 000000004a4e02d0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f01730 1 byte JMP 000000004a4e02c0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076f01732 3 bytes {JMP 0x5f} .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f01750 5 bytes JMP 000000004a4e0300 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f01790 5 bytes JMP 000000004a4e03b0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f017d0 5 bytes JMP 000000004a4e0440 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f017e0 5 bytes JMP 000000004a4e03e0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f01940 5 bytes JMP 000000004a4e0220 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f01b00 5 bytes JMP 000000004a4e04a0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f01b30 5 bytes JMP 000000004a4e0390 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f01c10 5 bytes JMP 000000004a4e02e0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f01c20 5 bytes JMP 000000004a4e0340 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f01c80 5 bytes JMP 000000004a4e0280 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f01d10 1 byte JMP 000000004a4e02a0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076f01d12 3 bytes {JMP 0xffffffffd35de590} .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f01d30 1 byte JMP 000000004a4e03c0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076f01d32 3 bytes {JMP 0xffffffffd35de690} .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f01d40 5 bytes JMP 000000004a4e0320 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f01db0 5 bytes JMP 000000004a4e0410 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f01de0 5 bytes JMP 000000004a4e0230 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f01f80 5 bytes JMP 000000004a4e03f0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f020a0 5 bytes JMP 000000004a4e01d0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f02160 5 bytes JMP 000000004a4e0240 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f02190 5 bytes JMP 000000004a4e04b0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f021a0 5 bytes JMP 000000004a4e04c0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f021d0 5 bytes JMP 000000004a4e02f0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f021e0 5 bytes JMP 000000004a4e0350 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f02240 5 bytes JMP 000000004a4e0290 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f02290 5 bytes JMP 000000004a4e02b0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f022c0 5 bytes JMP 000000004a4e0370 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f022d0 5 bytes JMP 000000004a4e0330 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f025c0 5 bytes JMP 000000004a4e0460 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076f02720 5 bytes JMP 000000004a4e0420 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f027c0 1 byte JMP 000000004a4e0250 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076f027c2 3 bytes {JMP 0xffffffffd35dda90} .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f027d0 1 byte JMP 000000004a4e0260 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076f027d2 3 bytes {JMP 0xffffffffd35dda90} .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f027e0 5 bytes JMP 000000004a4e0400 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f029a0 5 bytes JMP 000000004a4e01e0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f029b0 5 bytes JMP 000000004a4e0200 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f02a20 5 bytes JMP 000000004a4e01f0 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f02a80 5 bytes JMP 000000004a4e0430 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f02a90 5 bytes JMP 000000004a4e0450 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f02aa0 5 bytes JMP 000000004a4e0210 .text C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f02b80 5 bytes JMP 000000004a4e0270 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f01360 5 bytes JMP 0000000077060480 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f013b0 5 bytes JMP 0000000077060470 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f01510 5 bytes JMP 0000000077060360 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f01560 5 bytes JMP 0000000077060490 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f01570 5 bytes JMP 00000000770603d0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f01620 5 bytes JMP 0000000077060310 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f01650 5 bytes JMP 00000000770603a0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f01670 5 bytes JMP 0000000077060380 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f016b0 5 bytes JMP 00000000770602d0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f01730 1 byte JMP 00000000770602c0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076f01732 3 bytes {JMP 0x17} .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f01750 5 bytes JMP 0000000077060300 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f01790 5 bytes JMP 00000000770603b0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f017d0 5 bytes JMP 0000000077060440 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f017e0 5 bytes JMP 00000000770603e0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f01940 5 bytes JMP 0000000077060220 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f01b00 5 bytes JMP 00000000770604a0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f01b30 5 bytes JMP 0000000077060390 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f01c10 5 bytes JMP 00000000770602e0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f01c20 5 bytes JMP 0000000077060340 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f01c80 5 bytes JMP 0000000077060280 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f01d10 1 byte JMP 00000000770602a0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076f01d12 3 bytes {JMP 0x15e590} .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f01d30 1 byte JMP 00000000770603c0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076f01d32 3 bytes {JMP 0x15e690} .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f01d40 5 bytes JMP 0000000077060320 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f01db0 5 bytes JMP 0000000077060410 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f01de0 5 bytes JMP 0000000077060230 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f01f80 5 bytes JMP 00000000770603f0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f020a0 5 bytes JMP 00000000770601d0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f02160 5 bytes JMP 0000000077060240 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f02190 5 bytes JMP 00000000770604b0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f021a0 5 bytes JMP 00000000770604c0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f021d0 5 bytes JMP 00000000770602f0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f021e0 5 bytes JMP 0000000077060350 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f02240 5 bytes JMP 0000000077060290 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f02290 5 bytes JMP 00000000770602b0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f022c0 5 bytes JMP 0000000077060370 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f022d0 5 bytes JMP 0000000077060330 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f025c0 5 bytes JMP 0000000077060460 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076f02720 5 bytes JMP 0000000077060420 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f027c0 1 byte JMP 0000000077060250 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076f027c2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f027d0 1 byte JMP 0000000077060260 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076f027d2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f027e0 5 bytes JMP 0000000077060400 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f029a0 5 bytes JMP 00000000770601e0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f029b0 5 bytes JMP 0000000077060200 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f02a20 5 bytes JMP 00000000770601f0 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f02a80 5 bytes JMP 0000000077060430 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f02a90 5 bytes JMP 0000000077060450 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f02aa0 5 bytes JMP 0000000077060210 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f02b80 5 bytes JMP 0000000077060270 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f01360 5 bytes JMP 0000000077060480 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f013b0 5 bytes JMP 0000000077060470 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f01510 5 bytes JMP 0000000077060360 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f01560 5 bytes JMP 0000000077060490 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f01570 5 bytes JMP 00000000770603d0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f01620 5 bytes JMP 0000000077060310 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f01650 5 bytes JMP 00000000770603a0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f01670 5 bytes JMP 0000000077060380 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f016b0 5 bytes JMP 00000000770602d0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f01730 1 byte JMP 00000000770602c0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076f01732 3 bytes {JMP 0x17} .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f01750 5 bytes JMP 0000000077060300 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f01790 5 bytes JMP 00000000770603b0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f017d0 5 bytes JMP 0000000077060440 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f017e0 5 bytes JMP 00000000770603e0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f01940 5 bytes JMP 0000000077060220 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f01b00 5 bytes JMP 00000000770604a0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f01b30 5 bytes JMP 0000000077060390 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f01c10 5 bytes JMP 00000000770602e0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f01c20 5 bytes JMP 0000000077060340 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f01c80 5 bytes JMP 0000000077060280 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f01d10 1 byte JMP 00000000770602a0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076f01d12 3 bytes {JMP 0x15e590} .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f01d30 1 byte JMP 00000000770603c0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076f01d32 3 bytes {JMP 0x15e690} .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f01d40 5 bytes JMP 0000000077060320 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f01db0 5 bytes JMP 0000000077060410 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f01de0 5 bytes JMP 0000000077060230 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f01f80 5 bytes JMP 00000000770603f0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f020a0 5 bytes JMP 00000000770601d0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f02160 5 bytes JMP 0000000077060240 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f02190 5 bytes JMP 00000000770604b0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f021a0 5 bytes JMP 00000000770604c0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f021d0 5 bytes JMP 00000000770602f0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f021e0 5 bytes JMP 0000000077060350 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f02240 5 bytes JMP 0000000077060290 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f02290 5 bytes JMP 00000000770602b0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f022c0 5 bytes JMP 0000000077060370 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f022d0 5 bytes JMP 0000000077060330 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f025c0 5 bytes JMP 0000000077060460 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076f02720 5 bytes JMP 0000000077060420 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f027c0 1 byte JMP 0000000077060250 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076f027c2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f027d0 1 byte JMP 0000000077060260 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076f027d2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f027e0 5 bytes JMP 0000000077060400 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f029a0 5 bytes JMP 00000000770601e0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f029b0 5 bytes JMP 0000000077060200 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f02a20 5 bytes JMP 00000000770601f0 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f02a80 5 bytes JMP 0000000077060430 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f02a90 5 bytes JMP 0000000077060450 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f02aa0 5 bytes JMP 0000000077060210 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f02b80 5 bytes JMP 0000000077060270 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f01360 5 bytes JMP 0000000077060480 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f013b0 5 bytes JMP 0000000077060470 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f01510 5 bytes JMP 0000000077060360 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f01560 5 bytes JMP 0000000077060490 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f01570 5 bytes JMP 00000000770603d0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f01620 5 bytes JMP 0000000077060310 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f01650 5 bytes JMP 00000000770603a0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f01670 5 bytes JMP 0000000077060380 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f016b0 5 bytes JMP 00000000770602d0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f01730 1 byte JMP 00000000770602c0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076f01732 3 bytes {JMP 0x17} .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f01750 5 bytes JMP 0000000077060300 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f01790 5 bytes JMP 00000000770603b0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f017d0 5 bytes JMP 0000000077060440 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f017e0 5 bytes JMP 00000000770603e0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f01940 5 bytes JMP 0000000077060220 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f01b00 5 bytes JMP 00000000770604a0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f01b30 5 bytes JMP 0000000077060390 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f01c10 5 bytes JMP 00000000770602e0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f01c20 5 bytes JMP 0000000077060340 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f01c80 5 bytes JMP 0000000077060280 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f01d10 1 byte JMP 00000000770602a0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076f01d12 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f01d30 1 byte JMP 00000000770603c0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076f01d32 3 bytes {JMP 0x15e690} .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f01d40 5 bytes JMP 0000000077060320 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f01db0 5 bytes JMP 0000000077060410 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f01de0 5 bytes JMP 0000000077060230 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f01f80 5 bytes JMP 00000000770603f0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f020a0 5 bytes JMP 00000000770601d0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f02160 5 bytes JMP 0000000077060240 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f02190 5 bytes JMP 00000000770604b0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f021a0 5 bytes JMP 00000000770604c0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f021d0 5 bytes JMP 00000000770602f0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f021e0 5 bytes JMP 0000000077060350 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f02240 5 bytes JMP 0000000077060290 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f02290 5 bytes JMP 00000000770602b0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f022c0 5 bytes JMP 0000000077060370 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f022d0 5 bytes JMP 0000000077060330 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f025c0 5 bytes JMP 0000000077060460 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076f02720 5 bytes JMP 0000000077060420 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f027c0 1 byte JMP 0000000077060250 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076f027c2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f027d0 1 byte JMP 0000000077060260 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076f027d2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f027e0 5 bytes JMP 0000000077060400 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f029a0 5 bytes JMP 00000000770601e0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f029b0 5 bytes JMP 0000000077060200 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f02a20 5 bytes JMP 00000000770601f0 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f02a80 5 bytes JMP 0000000077060430 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f02a90 5 bytes JMP 0000000077060450 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f02aa0 5 bytes JMP 0000000077060210 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f02b80 5 bytes JMP 0000000077060270 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f01360 5 bytes JMP 0000000077060480 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f013b0 5 bytes JMP 0000000077060470 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f01510 5 bytes JMP 0000000077060360 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f01560 5 bytes JMP 0000000077060490 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f01570 5 bytes JMP 00000000770603d0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f01620 5 bytes JMP 0000000077060310 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f01650 5 bytes JMP 00000000770603a0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f01670 5 bytes JMP 0000000077060380 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f016b0 5 bytes JMP 00000000770602d0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f01730 1 byte JMP 00000000770602c0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076f01732 3 bytes {JMP 0x17} .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f01750 5 bytes JMP 0000000077060300 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f01790 5 bytes JMP 00000000770603b0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f017d0 5 bytes JMP 0000000077060440 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f017e0 5 bytes JMP 00000000770603e0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f01940 5 bytes JMP 0000000077060220 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f01b00 5 bytes JMP 00000000770604a0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f01b30 5 bytes JMP 0000000077060390 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f01c10 5 bytes JMP 00000000770602e0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f01c20 5 bytes JMP 0000000077060340 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f01c80 5 bytes JMP 0000000077060280 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f01d10 1 byte JMP 00000000770602a0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076f01d12 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f01d30 1 byte JMP 00000000770603c0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076f01d32 3 bytes {JMP 0x15e690} .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f01d40 5 bytes JMP 0000000077060320 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f01db0 5 bytes JMP 0000000077060410 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f01de0 5 bytes JMP 0000000077060230 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f01f80 5 bytes JMP 00000000770603f0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f020a0 5 bytes JMP 00000000770601d0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f02160 5 bytes JMP 0000000077060240 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f02190 5 bytes JMP 00000000770604b0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f021a0 5 bytes JMP 00000000770604c0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f021d0 5 bytes JMP 00000000770602f0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f021e0 5 bytes JMP 0000000077060350 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f02240 5 bytes JMP 0000000077060290 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f02290 5 bytes JMP 00000000770602b0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f022c0 5 bytes JMP 0000000077060370 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f022d0 5 bytes JMP 0000000077060330 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f025c0 5 bytes JMP 0000000077060460 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076f02720 5 bytes JMP 0000000077060420 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f027c0 1 byte JMP 0000000077060250 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076f027c2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f027d0 1 byte JMP 0000000077060260 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076f027d2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f027e0 5 bytes JMP 0000000077060400 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f029a0 5 bytes JMP 00000000770601e0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f029b0 5 bytes JMP 0000000077060200 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f02a20 5 bytes JMP 00000000770601f0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f02a80 5 bytes JMP 0000000077060430 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f02a90 5 bytes JMP 0000000077060450 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f02aa0 5 bytes JMP 0000000077060210 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f02b80 5 bytes JMP 0000000077060270 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f01360 5 bytes JMP 0000000077060480 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f013b0 5 bytes JMP 0000000077060470 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f01510 5 bytes JMP 0000000077060360 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f01560 5 bytes JMP 0000000077060490 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f01570 5 bytes JMP 00000000770603d0 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f01620 5 bytes JMP 0000000077060310 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f01650 5 bytes JMP 00000000770603a0 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f01670 5 bytes JMP 0000000077060380 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f016b0 5 bytes JMP 00000000770602d0 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f01730 1 byte JMP 00000000770602c0 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076f01732 3 bytes {JMP 0x17} .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f01750 5 bytes JMP 0000000077060300 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f01790 5 bytes JMP 00000000770603b0 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f017d0 5 bytes JMP 0000000077060440 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f017e0 5 bytes JMP 00000000770603e0 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f01940 5 bytes JMP 0000000077060220 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f01b00 5 bytes JMP 00000000770604a0 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f01b30 5 bytes JMP 0000000077060390 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f01c10 5 bytes JMP 00000000770602e0 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f01c20 5 bytes JMP 0000000077060340 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f01c80 5 bytes JMP 0000000077060280 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f01d10 1 byte JMP 00000000770602a0 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076f01d12 3 bytes {JMP 0x15e590} .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f01d30 1 byte JMP 00000000770603c0 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076f01d32 3 bytes {JMP 0x15e690} .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f01d40 5 bytes JMP 0000000077060320 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f01db0 5 bytes JMP 0000000077060410 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f01de0 5 bytes JMP 0000000077060230 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f01f80 5 bytes JMP 00000000770603f0 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f020a0 5 bytes JMP 00000000770601d0 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f02160 5 bytes JMP 0000000077060240 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f02190 5 bytes JMP 00000000770604b0 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f021a0 5 bytes JMP 00000000770604c0 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f021d0 5 bytes JMP 00000000770602f0 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f021e0 5 bytes JMP 0000000077060350 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f02240 5 bytes JMP 0000000077060290 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f02290 5 bytes JMP 00000000770602b0 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f022c0 5 bytes JMP 0000000077060370 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f022d0 5 bytes JMP 0000000077060330 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f025c0 5 bytes JMP 0000000077060460 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076f02720 5 bytes JMP 0000000077060420 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f027c0 1 byte JMP 0000000077060250 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076f027c2 3 bytes {JMP 0x15da90} .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f027d0 1 byte JMP 0000000077060260 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076f027d2 3 bytes {JMP 0x15da90} .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f027e0 5 bytes JMP 0000000077060400 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f029a0 5 bytes JMP 00000000770601e0 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f029b0 5 bytes JMP 0000000077060200 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f02a20 5 bytes JMP 00000000770601f0 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f02a80 5 bytes JMP 0000000077060430 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f02a90 5 bytes JMP 0000000077060450 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f02aa0 5 bytes JMP 0000000077060210 .text C:\Windows\System32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f02b80 5 bytes JMP 0000000077060270 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f01360 5 bytes JMP 0000000077060480 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f013b0 5 bytes JMP 0000000077060470 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f01510 5 bytes JMP 0000000077060360 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f01560 5 bytes JMP 0000000077060490 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f01570 5 bytes JMP 00000000770603d0 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f01620 5 bytes JMP 0000000077060310 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f01650 5 bytes JMP 00000000770603a0 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f01670 5 bytes JMP 0000000077060380 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f016b0 5 bytes JMP 00000000770602d0 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f01730 1 byte JMP 00000000770602c0 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076f01732 3 bytes {JMP 0x17} .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f01750 5 bytes JMP 0000000077060300 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f01790 5 bytes JMP 00000000770603b0 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f017d0 5 bytes JMP 0000000077060440 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f017e0 5 bytes JMP 00000000770603e0 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f01940 5 bytes JMP 0000000077060220 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f01b00 5 bytes JMP 00000000770604a0 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f01b30 5 bytes JMP 0000000077060390 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f01c10 5 bytes JMP 00000000770602e0 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f01c20 5 bytes JMP 0000000077060340 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f01c80 5 bytes JMP 0000000077060280 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f01d10 1 byte JMP 00000000770602a0 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076f01d12 3 bytes {JMP 0x15e590} .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f01d30 1 byte JMP 00000000770603c0 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076f01d32 3 bytes {JMP 0x15e690} .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f01d40 5 bytes JMP 0000000077060320 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f01db0 5 bytes JMP 0000000077060410 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f01de0 5 bytes JMP 0000000077060230 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f01f80 5 bytes JMP 00000000770603f0 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f020a0 5 bytes JMP 00000000770601d0 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f02160 5 bytes JMP 0000000077060240 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f02190 5 bytes JMP 00000000770604b0 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f021a0 5 bytes JMP 00000000770604c0 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f021d0 5 bytes JMP 00000000770602f0 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f021e0 5 bytes JMP 0000000077060350 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f02240 5 bytes JMP 0000000077060290 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f02290 5 bytes JMP 00000000770602b0 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f022c0 5 bytes JMP 0000000077060370 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f022d0 5 bytes JMP 0000000077060330 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f025c0 5 bytes JMP 0000000077060460 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076f02720 5 bytes JMP 0000000077060420 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f027c0 1 byte JMP 0000000077060250 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076f027c2 3 bytes {JMP 0x15da90} .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f027d0 1 byte JMP 0000000077060260 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076f027d2 3 bytes {JMP 0x15da90} .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f027e0 5 bytes JMP 0000000077060400 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f029a0 5 bytes JMP 00000000770601e0 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f029b0 5 bytes JMP 0000000077060200 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f02a20 5 bytes JMP 00000000770601f0 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f02a80 5 bytes JMP 0000000077060430 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f02a90 5 bytes JMP 0000000077060450 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f02aa0 5 bytes JMP 0000000077060210 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f02b80 5 bytes JMP 0000000077060270 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f01360 5 bytes JMP 0000000077060480 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f013b0 5 bytes JMP 0000000077060470 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f01510 5 bytes JMP 0000000077060360 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f01560 5 bytes JMP 0000000077060490 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f01570 5 bytes JMP 00000000770603d0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f01620 5 bytes JMP 0000000077060310 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f01650 5 bytes JMP 00000000770603a0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f01670 5 bytes JMP 0000000077060380 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f016b0 5 bytes JMP 00000000770602d0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f01730 1 byte JMP 00000000770602c0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076f01732 3 bytes {JMP 0x17} .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f01750 5 bytes JMP 0000000077060300 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f01790 5 bytes JMP 00000000770603b0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f017d0 5 bytes JMP 0000000077060440 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f017e0 5 bytes JMP 00000000770603e0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f01940 5 bytes JMP 0000000077060220 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f01b00 5 bytes JMP 00000000770604a0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f01b30 5 bytes JMP 0000000077060390 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f01c10 5 bytes JMP 00000000770602e0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f01c20 5 bytes JMP 0000000077060340 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f01c80 5 bytes JMP 0000000077060280 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f01d10 1 byte JMP 00000000770602a0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076f01d12 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f01d30 1 byte JMP 00000000770603c0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076f01d32 3 bytes {JMP 0x15e690} .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f01d40 5 bytes JMP 0000000077060320 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f01db0 5 bytes JMP 0000000077060410 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f01de0 5 bytes JMP 0000000077060230 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f01f80 5 bytes JMP 00000000770603f0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f020a0 5 bytes JMP 00000000770601d0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f02160 5 bytes JMP 0000000077060240 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f02190 5 bytes JMP 00000000770604b0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f021a0 5 bytes JMP 00000000770604c0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f021d0 5 bytes JMP 00000000770602f0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f021e0 5 bytes JMP 0000000077060350 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f02240 5 bytes JMP 0000000077060290 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f02290 5 bytes JMP 00000000770602b0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f022c0 5 bytes JMP 0000000077060370 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f022d0 5 bytes JMP 0000000077060330 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f025c0 5 bytes JMP 0000000077060460 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076f02720 5 bytes JMP 0000000077060420 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f027c0 1 byte JMP 0000000077060250 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076f027c2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f027d0 1 byte JMP 0000000077060260 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076f027d2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f027e0 5 bytes JMP 0000000077060400 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f029a0 5 bytes JMP 00000000770601e0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f029b0 5 bytes JMP 0000000077060200 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f02a20 5 bytes JMP 00000000770601f0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f02a80 5 bytes JMP 0000000077060430 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f02a90 5 bytes JMP 0000000077060450 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f02aa0 5 bytes JMP 0000000077060210 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f02b80 5 bytes JMP 0000000077060270 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f01360 5 bytes JMP 0000000077060480 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f013b0 5 bytes JMP 0000000077060470 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f01510 5 bytes JMP 0000000077060360 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f01560 5 bytes JMP 0000000077060490 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f01570 5 bytes JMP 00000000770603d0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f01620 5 bytes JMP 0000000077060310 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f01650 5 bytes JMP 00000000770603a0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f01670 5 bytes JMP 0000000077060380 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f016b0 5 bytes JMP 00000000770602d0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f01730 1 byte JMP 00000000770602c0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076f01732 3 bytes {JMP 0x17} .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f01750 5 bytes JMP 0000000077060300 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f01790 5 bytes JMP 00000000770603b0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f017d0 5 bytes JMP 0000000077060440 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f017e0 5 bytes JMP 00000000770603e0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f01940 5 bytes JMP 0000000077060220 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f01b00 5 bytes JMP 00000000770604a0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f01b30 5 bytes JMP 0000000077060390 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f01c10 5 bytes JMP 00000000770602e0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f01c20 5 bytes JMP 0000000077060340 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f01c80 5 bytes JMP 0000000077060280 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f01d10 1 byte JMP 00000000770602a0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076f01d12 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f01d30 1 byte JMP 00000000770603c0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076f01d32 3 bytes {JMP 0x15e690} .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f01d40 5 bytes JMP 0000000077060320 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f01db0 5 bytes JMP 0000000077060410 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f01de0 5 bytes JMP 0000000077060230 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f01f80 5 bytes JMP 00000000770603f0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f020a0 5 bytes JMP 00000000770601d0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f02160 5 bytes JMP 0000000077060240 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f02190 5 bytes JMP 00000000770604b0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f021a0 5 bytes JMP 00000000770604c0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f021d0 5 bytes JMP 00000000770602f0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f021e0 5 bytes JMP 0000000077060350 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f02240 5 bytes JMP 0000000077060290 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f02290 5 bytes JMP 00000000770602b0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f022c0 5 bytes JMP 0000000077060370 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f022d0 5 bytes JMP 0000000077060330 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f025c0 5 bytes JMP 0000000077060460 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076f02720 5 bytes JMP 0000000077060420 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f027c0 1 byte JMP 0000000077060250 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076f027c2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f027d0 1 byte JMP 0000000077060260 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076f027d2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f027e0 5 bytes JMP 0000000077060400 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f029a0 5 bytes JMP 00000000770601e0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f029b0 5 bytes JMP 0000000077060200 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f02a20 5 bytes JMP 00000000770601f0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f02a80 5 bytes JMP 0000000077060430 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f02a90 5 bytes JMP 0000000077060450 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f02aa0 5 bytes JMP 0000000077060210 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f02b80 5 bytes JMP 0000000077060270 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f01360 5 bytes JMP 0000000077060480 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f013b0 5 bytes JMP 0000000077060470 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f01510 5 bytes JMP 0000000077060360 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f01560 5 bytes JMP 0000000077060490 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f01570 5 bytes JMP 00000000770603d0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f01620 5 bytes JMP 0000000077060310 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f01650 5 bytes JMP 00000000770603a0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f01670 5 bytes JMP 0000000077060380 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f016b0 5 bytes JMP 00000000770602d0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f01730 1 byte JMP 00000000770602c0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076f01732 3 bytes {JMP 0x17} .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f01750 5 bytes JMP 0000000077060300 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f01790 5 bytes JMP 00000000770603b0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f017d0 5 bytes JMP 0000000077060440 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f017e0 5 bytes JMP 00000000770603e0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f01940 5 bytes JMP 0000000077060220 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f01b00 5 bytes JMP 00000000770604a0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f01b30 5 bytes JMP 0000000077060390 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f01c10 5 bytes JMP 00000000770602e0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f01c20 5 bytes JMP 0000000077060340 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f01c80 5 bytes JMP 0000000077060280 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f01d10 1 byte JMP 00000000770602a0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076f01d12 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f01d30 1 byte JMP 00000000770603c0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076f01d32 3 bytes {JMP 0x15e690} .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f01d40 5 bytes JMP 0000000077060320 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f01db0 5 bytes JMP 0000000077060410 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f01de0 5 bytes JMP 0000000077060230 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f01f80 5 bytes JMP 00000000770603f0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f020a0 5 bytes JMP 00000000770601d0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f02160 5 bytes JMP 0000000077060240 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f02190 5 bytes JMP 00000000770604b0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f021a0 5 bytes JMP 00000000770604c0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f021d0 5 bytes JMP 00000000770602f0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f021e0 5 bytes JMP 0000000077060350 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f02240 5 bytes JMP 0000000077060290 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f02290 5 bytes JMP 00000000770602b0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f022c0 5 bytes JMP 0000000077060370 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f022d0 5 bytes JMP 0000000077060330 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f025c0 5 bytes JMP 0000000077060460 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076f02720 5 bytes JMP 0000000077060420 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f027c0 1 byte JMP 0000000077060250 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076f027c2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f027d0 1 byte JMP 0000000077060260 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076f027d2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f027e0 5 bytes JMP 0000000077060400 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f029a0 5 bytes JMP 00000000770601e0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f029b0 5 bytes JMP 0000000077060200 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f02a20 5 bytes JMP 00000000770601f0 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f02a80 5 bytes JMP 0000000077060430 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f02a90 5 bytes JMP 0000000077060450 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f02aa0 5 bytes JMP 0000000077060210 .text C:\Windows\system32\svchost.exe[1348] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f02b80 5 bytes JMP 0000000077060270 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f01360 5 bytes JMP 0000000077060480 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f013b0 5 bytes JMP 0000000077060470 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f01510 5 bytes JMP 0000000077060360 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f01560 5 bytes JMP 0000000077060490 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f01570 5 bytes JMP 00000000770603d0 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f01620 5 bytes JMP 0000000077060310 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f01650 5 bytes JMP 00000000770603a0 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f01670 5 bytes JMP 0000000077060380 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f016b0 5 bytes JMP 00000000770602d0 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f01730 1 byte JMP 00000000770602c0 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076f01732 3 bytes {JMP 0x17} .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f01750 5 bytes JMP 0000000077060300 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f01790 5 bytes JMP 00000000770603b0 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f017d0 5 bytes JMP 0000000077060440 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f017e0 5 bytes JMP 00000000770603e0 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f01940 5 bytes JMP 0000000077060220 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f01b00 5 bytes JMP 00000000770604a0 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f01b30 5 bytes JMP 0000000077060390 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f01c10 5 bytes JMP 00000000770602e0 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f01c20 5 bytes JMP 0000000077060340 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f01c80 5 bytes JMP 0000000077060280 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f01d10 1 byte JMP 00000000770602a0 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076f01d12 3 bytes {JMP 0x15e590} .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f01d30 1 byte JMP 00000000770603c0 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076f01d32 3 bytes {JMP 0x15e690} .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f01d40 5 bytes JMP 0000000077060320 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f01db0 5 bytes JMP 0000000077060410 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f01de0 5 bytes JMP 0000000077060230 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f01f80 5 bytes JMP 00000000770603f0 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f020a0 5 bytes JMP 00000000770601d0 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f02160 5 bytes JMP 0000000077060240 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f02190 5 bytes JMP 00000000770604b0 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f021a0 5 bytes JMP 00000000770604c0 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f021d0 5 bytes JMP 00000000770602f0 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f021e0 5 bytes JMP 0000000077060350 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f02240 5 bytes JMP 0000000077060290 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f02290 5 bytes JMP 00000000770602b0 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f022c0 5 bytes JMP 0000000077060370 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f022d0 5 bytes JMP 0000000077060330 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f025c0 5 bytes JMP 0000000077060460 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076f02720 5 bytes JMP 0000000077060420 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f027c0 1 byte JMP 0000000077060250 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076f027c2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f027d0 1 byte JMP 0000000077060260 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076f027d2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f027e0 5 bytes JMP 0000000077060400 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f029a0 5 bytes JMP 00000000770601e0 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f029b0 5 bytes JMP 0000000077060200 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f02a20 5 bytes JMP 00000000770601f0 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f02a80 5 bytes JMP 0000000077060430 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f02a90 5 bytes JMP 0000000077060450 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f02aa0 5 bytes JMP 0000000077060210 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f02b80 5 bytes JMP 0000000077060270 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f01360 5 bytes JMP 0000000077060480 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f013b0 5 bytes JMP 0000000077060470 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f01510 5 bytes JMP 0000000077060360 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f01560 5 bytes JMP 0000000077060490 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f01570 5 bytes JMP 00000000770603d0 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f01620 5 bytes JMP 0000000077060310 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f01650 5 bytes JMP 00000000770603a0 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f01670 5 bytes JMP 0000000077060380 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f016b0 5 bytes JMP 00000000770602d0 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f01730 1 byte JMP 00000000770602c0 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076f01732 3 bytes {JMP 0x17} .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f01750 5 bytes JMP 0000000077060300 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f01790 5 bytes JMP 00000000770603b0 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f017d0 5 bytes JMP 0000000077060440 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f017e0 5 bytes JMP 00000000770603e0 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f01940 5 bytes JMP 0000000077060220 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f01b00 5 bytes JMP 00000000770604a0 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f01b30 5 bytes JMP 0000000077060390 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f01c10 5 bytes JMP 00000000770602e0 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f01c20 5 bytes JMP 0000000077060340 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f01c80 5 bytes JMP 0000000077060280 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f01d10 1 byte JMP 00000000770602a0 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076f01d12 3 bytes {JMP 0x15e590} .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f01d30 1 byte JMP 00000000770603c0 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076f01d32 3 bytes {JMP 0x15e690} .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f01d40 5 bytes JMP 0000000077060320 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f01db0 5 bytes JMP 0000000077060410 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f01de0 5 bytes JMP 0000000077060230 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f01f80 5 bytes JMP 00000000770603f0 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f020a0 5 bytes JMP 00000000770601d0 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f02160 5 bytes JMP 0000000077060240 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f02190 5 bytes JMP 00000000770604b0 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f021a0 5 bytes JMP 00000000770604c0 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f021d0 5 bytes JMP 00000000770602f0 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f021e0 5 bytes JMP 0000000077060350 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f02240 5 bytes JMP 0000000077060290 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f02290 5 bytes JMP 00000000770602b0 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f022c0 5 bytes JMP 0000000077060370 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f022d0 5 bytes JMP 0000000077060330 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f025c0 5 bytes JMP 0000000077060460 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076f02720 5 bytes JMP 0000000077060420 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f027c0 1 byte JMP 0000000077060250 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076f027c2 3 bytes {JMP 0x15da90} .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f027d0 1 byte JMP 0000000077060260 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076f027d2 3 bytes {JMP 0x15da90} .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f027e0 5 bytes JMP 0000000077060400 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f029a0 5 bytes JMP 00000000770601e0 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f029b0 5 bytes JMP 0000000077060200 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f02a20 5 bytes JMP 00000000770601f0 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f02a80 5 bytes JMP 0000000077060430 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f02a90 5 bytes JMP 0000000077060450 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f02aa0 5 bytes JMP 0000000077060210 .text C:\Windows\Explorer.EXE[1784] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f02b80 5 bytes JMP 0000000077060270 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f01360 5 bytes JMP 0000000077060480 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f013b0 5 bytes JMP 0000000077060470 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f01510 5 bytes JMP 0000000077060360 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f01560 5 bytes JMP 0000000077060490 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f01570 5 bytes JMP 00000000770603d0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f01620 5 bytes JMP 0000000077060310 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f01650 5 bytes JMP 00000000770603a0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f01670 5 bytes JMP 0000000077060380 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f016b0 5 bytes JMP 00000000770602d0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f01730 1 byte JMP 00000000770602c0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076f01732 3 bytes {JMP 0x17} .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f01750 5 bytes JMP 0000000077060300 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f01790 5 bytes JMP 00000000770603b0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f017d0 5 bytes JMP 0000000077060440 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f017e0 5 bytes JMP 00000000770603e0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f01940 5 bytes JMP 0000000077060220 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f01b00 5 bytes JMP 00000000770604a0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f01b30 5 bytes JMP 0000000077060390 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f01c10 5 bytes JMP 00000000770602e0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f01c20 5 bytes JMP 0000000077060340 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f01c80 5 bytes JMP 0000000077060280 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f01d10 1 byte JMP 00000000770602a0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076f01d12 3 bytes {JMP 0x15e590} .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f01d30 1 byte JMP 00000000770603c0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076f01d32 3 bytes {JMP 0x15e690} .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f01d40 5 bytes JMP 0000000077060320 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f01db0 5 bytes JMP 0000000077060410 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f01de0 5 bytes JMP 0000000077060230 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f01f80 5 bytes JMP 00000000770603f0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f020a0 5 bytes JMP 00000000770601d0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f02160 5 bytes JMP 0000000077060240 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f02190 5 bytes JMP 00000000770604b0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f021a0 5 bytes JMP 00000000770604c0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f021d0 5 bytes JMP 00000000770602f0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f021e0 5 bytes JMP 0000000077060350 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f02240 5 bytes JMP 0000000077060290 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f02290 5 bytes JMP 00000000770602b0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f022c0 5 bytes JMP 0000000077060370 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f022d0 5 bytes JMP 0000000077060330 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f025c0 5 bytes JMP 0000000077060460 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076f02720 5 bytes JMP 0000000077060420 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f027c0 1 byte JMP 0000000077060250 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076f027c2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f027d0 1 byte JMP 0000000077060260 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076f027d2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f027e0 5 bytes JMP 0000000077060400 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f029a0 5 bytes JMP 00000000770601e0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f029b0 5 bytes JMP 0000000077060200 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f02a20 5 bytes JMP 00000000770601f0 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f02a80 5 bytes JMP 0000000077060430 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f02a90 5 bytes JMP 0000000077060450 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f02aa0 5 bytes JMP 0000000077060210 .text C:\Windows\system32\taskhost.exe[1832] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f02b80 5 bytes JMP 0000000077060270 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f01360 5 bytes JMP 0000000077060480 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f013b0 5 bytes JMP 0000000077060470 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f01510 5 bytes JMP 0000000077060360 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f01560 5 bytes JMP 0000000077060490 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f01570 5 bytes JMP 00000000770603d0 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f01620 5 bytes JMP 0000000077060310 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f01650 5 bytes JMP 00000000770603a0 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f01670 5 bytes JMP 0000000077060380 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f016b0 5 bytes JMP 00000000770602d0 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f01730 1 byte JMP 00000000770602c0 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076f01732 3 bytes {JMP 0x17} .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f01750 5 bytes JMP 0000000077060300 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f01790 5 bytes JMP 00000000770603b0 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f017d0 5 bytes JMP 0000000077060440 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f017e0 5 bytes JMP 00000000770603e0 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f01940 5 bytes JMP 0000000077060220 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f01b00 5 bytes JMP 00000000770604a0 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f01b30 5 bytes JMP 0000000077060390 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f01c10 5 bytes JMP 00000000770602e0 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f01c20 5 bytes JMP 0000000077060340 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f01c80 5 bytes JMP 0000000077060280 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f01d10 1 byte JMP 00000000770602a0 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076f01d12 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f01d30 1 byte JMP 00000000770603c0 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076f01d32 3 bytes {JMP 0x15e690} .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f01d40 5 bytes JMP 0000000077060320 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f01db0 5 bytes JMP 0000000077060410 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f01de0 5 bytes JMP 0000000077060230 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f01f80 5 bytes JMP 00000000770603f0 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f020a0 5 bytes JMP 00000000770601d0 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f02160 5 bytes JMP 0000000077060240 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f02190 5 bytes JMP 00000000770604b0 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f021a0 5 bytes JMP 00000000770604c0 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f021d0 5 bytes JMP 00000000770602f0 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f021e0 5 bytes JMP 0000000077060350 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f02240 5 bytes JMP 0000000077060290 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f02290 5 bytes JMP 00000000770602b0 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f022c0 5 bytes JMP 0000000077060370 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f022d0 5 bytes JMP 0000000077060330 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f025c0 5 bytes JMP 0000000077060460 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076f02720 5 bytes JMP 0000000077060420 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f027c0 1 byte JMP 0000000077060250 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076f027c2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f027d0 1 byte JMP 0000000077060260 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076f027d2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f027e0 5 bytes JMP 0000000077060400 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f029a0 5 bytes JMP 00000000770601e0 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f029b0 5 bytes JMP 0000000077060200 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f02a20 5 bytes JMP 00000000770601f0 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f02a80 5 bytes JMP 0000000077060430 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f02a90 5 bytes JMP 0000000077060450 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f02aa0 5 bytes JMP 0000000077060210 .text C:\Windows\system32\svchost.exe[1900] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f02b80 5 bytes JMP 0000000077060270 .text C:\Windows\SysWOW64\HsMgr.exe[2828] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075039d0b 5 bytes JMP 000000001000a4d0 .text C:\Windows\SysWOW64\HsMgr.exe[2828] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075039d4e 5 bytes JMP 000000001000a630 .text C:\Windows\SysWOW64\HsMgr.exe[2828] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006f61451e 5 bytes JMP 000000001000ab40 .text C:\Windows\SysWOW64\HsMgr.exe[2828] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006f614b6d 5 bytes JMP 000000001000abb0 .text C:\Windows\SysWOW64\HsMgr.exe[2828] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006f614bf2 5 bytes JMP 000000001000ac90 .text C:\Windows\SysWOW64\HsMgr.exe[2828] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006f614f0f 5 bytes JMP 000000001000ac50 .text C:\Windows\SysWOW64\HsMgr.exe[2828] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006f614f7b 5 bytes JMP 000000001000ac10 .text C:\Windows\SysWOW64\HsMgr.exe[2828] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006f619054 5 bytes JMP 000000001000ad10 .text C:\Windows\SysWOW64\HsMgr.exe[2828] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006f61adf9 5 bytes JMP 000000001000abe0 .text C:\Windows\SysWOW64\HsMgr.exe[2828] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006f6352e8 5 bytes JMP 000000001000acd0 .text C:\Windows\SysWOW64\HsMgr.exe[2828] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006f63535f 5 bytes JMP 000000001000acf0 .text C:\Windows\SysWOW64\HsMgr.exe[2828] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006f6359cc 5 bytes JMP 000000001000ae40 .text C:\Windows\SysWOW64\HsMgr.exe[2828] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006f635a6a 5 bytes JMP 000000001000aec0 .text C:\Windows\SysWOW64\HsMgr.exe[2828] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006f635ad7 5 bytes JMP 000000001000af00 .text C:\Windows\SysWOW64\HsMgr.exe[2828] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006f635b5b 5 bytes JMP 000000001000af40 .text C:\Windows\SysWOW64\HsMgr.exe[2828] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006f635bba 5 bytes JMP 000000001000af80 .text C:\Windows\SysWOW64\HsMgr.exe[2828] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006f635bee 5 bytes JMP 000000001000b000 .text C:\Windows\SysWOW64\HsMgr.exe[2828] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006f635c22 5 bytes JMP 000000001000b060 .text C:\Windows\SysWOW64\HsMgr.exe[2828] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006f635c67 5 bytes JMP 000000001000b0d0 .text C:\Windows\SysWOW64\HsMgr.exe[2828] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000069fc7e3d 5 bytes JMP 000000001000a690 .text C:\Windows\SysWOW64\HsMgr.exe[2828] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000069ffde69 5 bytes JMP 000000001000a770 .text C:\Windows\SysWOW64\HsMgr.exe[2828] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a00d2c5 5 bytes JMP 000000001000a8a0 .text C:\Windows\SysWOW64\HsMgr.exe[2828] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a00d371 5 bytes JMP 000000001000a990 .text C:\Windows\SysWOW64\HsMgr.exe[2828] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a00d429 5 bytes JMP 000000001000aa80 .text C:\Windows\system\HsMgr64.exe[2892] C:\Windows\system32\WINMM.dll!waveOutClose 000007fefa2836ac 5 bytes JMP 000007fefeed01f0 .text C:\Windows\system\HsMgr64.exe[2892] C:\Windows\system32\WINMM.dll!waveOutUnprepareHeader 000007fefa283770 5 bytes JMP 000007fefeed0298 .text C:\Windows\system\HsMgr64.exe[2892] C:\Windows\system32\WINMM.dll!waveOutOpen 000007fefa2838d0 5 bytes JMP 000007fefeed01b8 .text C:\Windows\system\HsMgr64.exe[2892] C:\Windows\system32\WINMM.dll!waveOutPrepareHeader 000007fefa283ca4 5 bytes JMP 000007fefeed0260 .text C:\Windows\system\HsMgr64.exe[2892] C:\Windows\system32\WINMM.dll!waveOutWrite 000007fefa283d40 5 bytes JMP 000007fefeed0228 .text C:\Windows\system\HsMgr64.exe[2892] C:\Windows\system32\WINMM.dll!waveInOpen 000007fefa287fe0 7 bytes JMP 000007fefeed0378 .text C:\Windows\system\HsMgr64.exe[2892] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefa28a38c 5 bytes JMP 000007fefeed02d0 .text C:\Windows\system\HsMgr64.exe[2892] C:\Windows\system32\WINMM.dll!waveOutGetVolume 000007fefa2a49f0 5 bytes JMP 000007fefeed0308 .text C:\Windows\system\HsMgr64.exe[2892] C:\Windows\system32\WINMM.dll!waveOutSetVolume 000007fefa2a4ab0 5 bytes JMP 000007fefeed0340 .text C:\Windows\system\HsMgr64.exe[2892] C:\Windows\system32\WINMM.dll!waveInClose 000007fefa2a52e0 5 bytes JMP 000007fefeed03b0 .text C:\Windows\system\HsMgr64.exe[2892] C:\Windows\system32\WINMM.dll!waveInPrepareHeader 000007fefa2a53c0 5 bytes JMP 000007fefeed0490 .text C:\Windows\system\HsMgr64.exe[2892] C:\Windows\system32\WINMM.dll!waveInUnprepareHeader 000007fefa2a5454 5 bytes JMP 000007fefeed04c8 .text C:\Windows\system\HsMgr64.exe[2892] C:\Windows\system32\WINMM.dll!waveInAddBuffer 000007fefa2a5514 5 bytes JMP 000007fefeed0500 .text C:\Windows\system\HsMgr64.exe[2892] C:\Windows\system32\WINMM.dll!waveInStart 000007fefa2a55a4 6 bytes JMP 000007fefeed03e8 .text C:\Windows\system\HsMgr64.exe[2892] C:\Windows\system32\WINMM.dll!waveInStop 000007fefa2a55e4 6 bytes JMP 000007fefeed0420 .text C:\Windows\system\HsMgr64.exe[2892] C:\Windows\system32\WINMM.dll!waveInReset 000007fefa2a5624 5 bytes JMP 000007fefeed0458 .text C:\Windows\system\HsMgr64.exe[2892] C:\Windows\system32\WINMM.dll!waveInGetPosition 000007fefa2a567c 5 bytes JMP 000007fefeed0538 .text C:\Windows\system\HsMgr64.exe[2892] C:\Windows\system32\DSOUND.dll!DirectSoundCreate8 000007fef4376944 7 bytes JMP 000007fefeed0180 .text C:\Windows\system\HsMgr64.exe[2892] C:\Windows\system32\DSOUND.dll!DirectSoundCreate 000007fef4395a84 7 bytes JMP 000007fefeed0148 .text C:\Windows\system\HsMgr64.exe[2892] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate 000007fef4395b90 7 bytes JMP 000007fefeed0570 .text C:\Windows\system\HsMgr64.exe[2892] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate8 000007fef4395c94 7 bytes JMP 000007fefeed05a8 .text C:\Windows\system\HsMgr64.exe[2892] C:\Windows\system32\DSOUND.dll!DirectSoundFullDuplexCreate 000007fef4395da8 5 bytes JMP 000007fefeed05e0 .text C:\Users\Remek\AppData\Roaming\uTorrent\uTorrent.exe[2972] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075039d0b 5 bytes JMP 000000001000a4d0 .text C:\Users\Remek\AppData\Roaming\uTorrent\uTorrent.exe[2972] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075039d4e 5 bytes JMP 000000001000a630 .text C:\Users\Remek\AppData\Roaming\uTorrent\uTorrent.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074b31465 2 bytes [B3, 74] .text C:\Users\Remek\AppData\Roaming\uTorrent\uTorrent.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074b314bb 2 bytes [B3, 74] .text ... * 2 .text C:\Users\Remek\AppData\Roaming\uTorrent\uTorrent.exe[2972] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006f61451e 5 bytes JMP 000000001000ab40 .text C:\Users\Remek\AppData\Roaming\uTorrent\uTorrent.exe[2972] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006f614b6d 5 bytes JMP 000000001000abb0 .text C:\Users\Remek\AppData\Roaming\uTorrent\uTorrent.exe[2972] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006f614bf2 5 bytes JMP 000000001000ac90 .text C:\Users\Remek\AppData\Roaming\uTorrent\uTorrent.exe[2972] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006f614f0f 5 bytes JMP 000000001000ac50 .text C:\Users\Remek\AppData\Roaming\uTorrent\uTorrent.exe[2972] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006f614f7b 5 bytes JMP 000000001000ac10 .text C:\Users\Remek\AppData\Roaming\uTorrent\uTorrent.exe[2972] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006f619054 5 bytes JMP 000000001000ad10 .text C:\Users\Remek\AppData\Roaming\uTorrent\uTorrent.exe[2972] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006f61adf9 5 bytes JMP 000000001000abe0 .text C:\Users\Remek\AppData\Roaming\uTorrent\uTorrent.exe[2972] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006f6352e8 5 bytes JMP 000000001000acd0 .text C:\Users\Remek\AppData\Roaming\uTorrent\uTorrent.exe[2972] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006f63535f 5 bytes JMP 000000001000acf0 .text C:\Users\Remek\AppData\Roaming\uTorrent\uTorrent.exe[2972] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006f6359cc 5 bytes JMP 000000001000ae40 .text C:\Users\Remek\AppData\Roaming\uTorrent\uTorrent.exe[2972] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006f635a6a 5 bytes JMP 000000001000aec0 .text C:\Users\Remek\AppData\Roaming\uTorrent\uTorrent.exe[2972] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006f635ad7 5 bytes JMP 000000001000af00 .text C:\Users\Remek\AppData\Roaming\uTorrent\uTorrent.exe[2972] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006f635b5b 5 bytes JMP 000000001000af40 .text C:\Users\Remek\AppData\Roaming\uTorrent\uTorrent.exe[2972] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006f635bba 5 bytes JMP 000000001000af80 .text C:\Users\Remek\AppData\Roaming\uTorrent\uTorrent.exe[2972] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006f635bee 5 bytes JMP 000000001000b000 .text C:\Users\Remek\AppData\Roaming\uTorrent\uTorrent.exe[2972] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006f635c22 5 bytes JMP 000000001000b060 .text C:\Users\Remek\AppData\Roaming\uTorrent\uTorrent.exe[2972] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006f635c67 5 bytes JMP 000000001000b0d0 .text C:\Users\Remek\AppData\Roaming\uTorrent\uTorrent.exe[2972] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000069fc7e3d 5 bytes JMP 000000001000a690 .text C:\Users\Remek\AppData\Roaming\uTorrent\uTorrent.exe[2972] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000069ffde69 5 bytes JMP 000000001000a770 .text C:\Users\Remek\AppData\Roaming\uTorrent\uTorrent.exe[2972] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a00d2c5 5 bytes JMP 000000001000a8a0 .text C:\Users\Remek\AppData\Roaming\uTorrent\uTorrent.exe[2972] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a00d371 5 bytes JMP 000000001000a990 .text C:\Users\Remek\AppData\Roaming\uTorrent\uTorrent.exe[2972] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a00d429 5 bytes JMP 000000001000aa80 .text C:\Users\Remek\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074b31465 2 bytes [B3, 74] .text C:\Users\Remek\AppData\Local\Akamai\netsession_win.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074b314bb 2 bytes [B3, 74] .text ... * 2 .text C:\Users\Remek\AppData\Local\Akamai\netsession_win.exe[2488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074b31465 2 bytes [B3, 74] .text C:\Users\Remek\AppData\Local\Akamai\netsession_win.exe[2488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074b314bb 2 bytes [B3, 74] .text ... * 2 .text C:\Users\Remek\AppData\Local\Akamai\netsession_win.exe[2488] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075039d0b 5 bytes JMP 000000001000a4d0 .text C:\Users\Remek\AppData\Local\Akamai\netsession_win.exe[2488] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075039d4e 5 bytes JMP 000000001000a630 .text C:\Users\Remek\AppData\Local\Akamai\netsession_win.exe[2488] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006f61451e 5 bytes JMP 000000001000ab40 .text C:\Users\Remek\AppData\Local\Akamai\netsession_win.exe[2488] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006f614b6d 5 bytes JMP 000000001000abb0 .text C:\Users\Remek\AppData\Local\Akamai\netsession_win.exe[2488] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006f614bf2 5 bytes JMP 000000001000ac90 .text C:\Users\Remek\AppData\Local\Akamai\netsession_win.exe[2488] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006f614f0f 5 bytes JMP 000000001000ac50 .text C:\Users\Remek\AppData\Local\Akamai\netsession_win.exe[2488] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006f614f7b 5 bytes JMP 000000001000ac10 .text C:\Users\Remek\AppData\Local\Akamai\netsession_win.exe[2488] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006f619054 5 bytes JMP 000000001000ad10 .text C:\Users\Remek\AppData\Local\Akamai\netsession_win.exe[2488] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006f61adf9 5 bytes JMP 000000001000abe0 .text C:\Users\Remek\AppData\Local\Akamai\netsession_win.exe[2488] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006f6352e8 5 bytes JMP 000000001000acd0 .text C:\Users\Remek\AppData\Local\Akamai\netsession_win.exe[2488] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006f63535f 5 bytes JMP 000000001000acf0 .text C:\Users\Remek\AppData\Local\Akamai\netsession_win.exe[2488] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006f6359cc 5 bytes JMP 000000001000ae40 .text C:\Users\Remek\AppData\Local\Akamai\netsession_win.exe[2488] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006f635a6a 5 bytes JMP 000000001000aec0 .text C:\Users\Remek\AppData\Local\Akamai\netsession_win.exe[2488] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006f635ad7 5 bytes JMP 000000001000af00 .text C:\Users\Remek\AppData\Local\Akamai\netsession_win.exe[2488] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006f635b5b 5 bytes JMP 000000001000af40 .text C:\Users\Remek\AppData\Local\Akamai\netsession_win.exe[2488] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006f635bba 5 bytes JMP 000000001000af80 .text C:\Users\Remek\AppData\Local\Akamai\netsession_win.exe[2488] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006f635bee 5 bytes JMP 000000001000b000 .text C:\Users\Remek\AppData\Local\Akamai\netsession_win.exe[2488] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006f635c22 5 bytes JMP 000000001000b060 .text C:\Users\Remek\AppData\Local\Akamai\netsession_win.exe[2488] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006f635c67 5 bytes JMP 000000001000b0d0 .text C:\Users\Remek\AppData\Local\Akamai\netsession_win.exe[2488] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000069fc7e3d 5 bytes JMP 000000001000a690 .text C:\Users\Remek\AppData\Local\Akamai\netsession_win.exe[2488] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000069ffde69 5 bytes JMP 000000001000a770 .text C:\Users\Remek\AppData\Local\Akamai\netsession_win.exe[2488] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a00d2c5 5 bytes JMP 000000001000a8a0 .text C:\Users\Remek\AppData\Local\Akamai\netsession_win.exe[2488] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a00d371 5 bytes JMP 000000001000a990 .text C:\Users\Remek\AppData\Local\Akamai\netsession_win.exe[2488] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a00d429 5 bytes JMP 000000001000aa80 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2772] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075039d0b 5 bytes JMP 000000001000a4d0 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2772] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075039d4e 5 bytes JMP 000000001000a630 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074b31465 2 bytes [B3, 74] .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074b314bb 2 bytes [B3, 74] .text ... * 2 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2772] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006f61451e 5 bytes JMP 000000001000ab40 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2772] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006f614b6d 5 bytes JMP 000000001000abb0 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2772] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006f614bf2 5 bytes JMP 000000001000ac90 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2772] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006f614f0f 5 bytes JMP 000000001000ac50 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2772] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006f614f7b 5 bytes JMP 000000001000ac10 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2772] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006f619054 5 bytes JMP 000000001000ad10 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2772] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006f61adf9 5 bytes JMP 000000001000abe0 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2772] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006f6352e8 5 bytes JMP 000000001000acd0 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2772] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006f63535f 5 bytes JMP 000000001000acf0 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2772] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006f6359cc 5 bytes JMP 000000001000ae40 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2772] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006f635a6a 5 bytes JMP 000000001000aec0 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2772] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006f635ad7 5 bytes JMP 000000001000af00 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2772] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006f635b5b 5 bytes JMP 000000001000af40 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2772] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006f635bba 5 bytes JMP 000000001000af80 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2772] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006f635bee 5 bytes JMP 000000001000b000 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2772] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006f635c22 5 bytes JMP 000000001000b060 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2772] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006f635c67 5 bytes JMP 000000001000b0d0 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2772] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000069fc7e3d 5 bytes JMP 000000001000a690 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2772] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000069ffde69 5 bytes JMP 000000001000a770 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2772] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a00d2c5 5 bytes JMP 000000001000a8a0 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2772] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a00d371 5 bytes JMP 000000001000a990 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2772] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a00d429 5 bytes JMP 000000001000aa80 .text C:\Program Files\AVAST Software\Avast\avastui.exe[2912] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075168791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2900] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075039d0b 5 bytes JMP 000000001000a4d0 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2900] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075039d4e 5 bytes JMP 000000001000a630 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2900] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000069fc7e3d 5 bytes JMP 000000001000a690 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2900] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000069ffde69 5 bytes JMP 000000001000a770 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2900] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a00d2c5 5 bytes JMP 000000001000a8a0 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2900] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a00d371 5 bytes JMP 000000001000a990 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2900] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a00d429 5 bytes JMP 000000001000aa80 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2900] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000074b31465 2 bytes [B3, 74] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2900] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000074b314bb 2 bytes [B3, 74] .text ... * 2 .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe[1336] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075039d0b 5 bytes JMP 000000000061a4d0 .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe[1336] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075039d4e 5 bytes JMP 000000000061a630 .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe[1336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074b31465 2 bytes [B3, 74] .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe[1336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074b314bb 2 bytes [B3, 74] .text ... * 2 .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe[1336] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006f61451e 5 bytes JMP 000000000061ab40 .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe[1336] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006f614b6d 5 bytes JMP 000000000061abb0 .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe[1336] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006f614bf2 5 bytes JMP 000000000061ac90 .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe[1336] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006f614f0f 5 bytes JMP 000000000061ac50 .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe[1336] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006f614f7b 5 bytes JMP 000000000061ac10 .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe[1336] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006f619054 5 bytes JMP 000000000061ad10 .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe[1336] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006f61adf9 5 bytes JMP 000000000061abe0 .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe[1336] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006f6352e8 5 bytes JMP 000000000061acd0 .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe[1336] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006f63535f 5 bytes JMP 000000000061acf0 .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe[1336] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006f6359cc 5 bytes JMP 000000000061ae40 .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe[1336] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006f635a6a 5 bytes JMP 000000000061aec0 .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe[1336] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006f635ad7 5 bytes JMP 000000000061af00 .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe[1336] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006f635b5b 5 bytes JMP 000000000061af40 .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe[1336] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006f635bba 5 bytes JMP 000000000061af80 .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe[1336] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006f635bee 5 bytes JMP 000000000061b000 .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe[1336] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006f635c22 5 bytes JMP 000000000061b060 .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe[1336] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006f635c67 5 bytes JMP 000000000061b0d0 .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe[1336] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000069fc7e3d 5 bytes JMP 000000000061a690 .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe[1336] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000069ffde69 5 bytes JMP 000000000061a770 .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe[1336] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a00d2c5 5 bytes JMP 000000000061a8a0 .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe[1336] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a00d371 5 bytes JMP 000000000061a990 .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Smart Solution\bin\TestDDCCI.exe[1336] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a00d429 5 bytes JMP 000000000061aa80 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3576] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076002ab1 5 bytes JMP 00000000721d8d9e .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3576] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076002d17 5 bytes JMP 00000000721d8e08 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3576] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006f61451e 5 bytes JMP 000000001000ab40 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3576] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006f614b6d 5 bytes JMP 000000001000abb0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3576] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006f614bf2 5 bytes JMP 000000001000ac90 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3576] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006f614f0f 5 bytes JMP 000000001000ac50 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3576] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006f614f7b 5 bytes JMP 000000001000ac10 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3576] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006f619054 5 bytes JMP 000000001000ad10 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3576] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006f61adf9 5 bytes JMP 000000001000abe0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3576] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006f6352e8 5 bytes JMP 000000001000acd0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3576] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006f63535f 5 bytes JMP 000000001000acf0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3576] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006f6359cc 5 bytes JMP 000000001000ae40 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3576] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006f635a6a 5 bytes JMP 000000001000aec0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3576] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006f635ad7 5 bytes JMP 000000001000af00 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3576] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006f635b5b 5 bytes JMP 000000001000af40 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3576] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006f635bba 5 bytes JMP 000000001000af80 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3576] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006f635bee 5 bytes JMP 000000001000b000 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3576] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006f635c22 5 bytes JMP 000000001000b060 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3576] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006f635c67 5 bytes JMP 000000001000b0d0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3576] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000069fc7e3d 5 bytes JMP 000000001000a690 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3576] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000069ffde69 5 bytes JMP 000000001000a770 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3576] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a00d2c5 5 bytes JMP 000000001000a8a0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3576] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a00d371 5 bytes JMP 000000001000a990 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3576] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a00d429 5 bytes JMP 000000001000aa80 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3576] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075039d0b 5 bytes JMP 000000001000a4d0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3576] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075039d4e 5 bytes JMP 000000001000a630 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074b31465 2 bytes [B3, 74] .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074b314bb 2 bytes [B3, 74] .text ... * 2 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f01360 5 bytes JMP 0000000077060480 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f013b0 5 bytes JMP 0000000077060470 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f01510 5 bytes JMP 0000000077060360 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f01560 5 bytes JMP 0000000077060490 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f01570 5 bytes JMP 00000000770603d0 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f01620 5 bytes JMP 0000000077060310 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f01650 5 bytes JMP 00000000770603a0 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f01670 5 bytes JMP 0000000077060380 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f016b0 5 bytes JMP 00000000770602d0 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f01730 1 byte JMP 00000000770602c0 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076f01732 3 bytes {JMP 0x17} .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f01750 5 bytes JMP 0000000077060300 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f01790 5 bytes JMP 00000000770603b0 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f017d0 5 bytes JMP 0000000077060440 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f017e0 5 bytes JMP 00000000770603e0 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f01940 5 bytes JMP 0000000077060220 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f01b00 5 bytes JMP 00000000770604a0 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f01b30 5 bytes JMP 0000000077060390 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f01c10 5 bytes JMP 00000000770602e0 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f01c20 5 bytes JMP 0000000077060340 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f01c80 5 bytes JMP 0000000077060280 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f01d10 1 byte JMP 00000000770602a0 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076f01d12 3 bytes {JMP 0x15e590} .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f01d30 1 byte JMP 00000000770603c0 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076f01d32 3 bytes {JMP 0x15e690} .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f01d40 5 bytes JMP 0000000077060320 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f01db0 5 bytes JMP 0000000077060410 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f01de0 5 bytes JMP 0000000077060230 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f01f80 5 bytes JMP 00000000770603f0 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f020a0 5 bytes JMP 00000000770601d0 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f02160 5 bytes JMP 0000000077060240 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f02190 5 bytes JMP 00000000770604b0 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f021a0 5 bytes JMP 00000000770604c0 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f021d0 5 bytes JMP 00000000770602f0 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f021e0 5 bytes JMP 0000000077060350 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f02240 5 bytes JMP 0000000077060290 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f02290 5 bytes JMP 00000000770602b0 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f022c0 5 bytes JMP 0000000077060370 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f022d0 5 bytes JMP 0000000077060330 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f025c0 5 bytes JMP 0000000077060460 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076f02720 5 bytes JMP 0000000077060420 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f027c0 1 byte JMP 0000000077060250 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076f027c2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f027d0 1 byte JMP 0000000077060260 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076f027d2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f027e0 5 bytes JMP 0000000077060400 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f029a0 5 bytes JMP 00000000770601e0 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f029b0 5 bytes JMP 0000000077060200 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f02a20 5 bytes JMP 00000000770601f0 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f02a80 5 bytes JMP 0000000077060430 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f02a90 5 bytes JMP 0000000077060450 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f02aa0 5 bytes JMP 0000000077060210 .text C:\Windows\system32\DllHost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f02b80 5 bytes JMP 0000000077060270 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3840] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075039d0b 5 bytes JMP 000000001000a4d0 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3840] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075039d4e 5 bytes JMP 000000001000a630 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006f61451e 5 bytes JMP 000000001000ab40 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006f614b6d 5 bytes JMP 000000001000abb0 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006f614bf2 5 bytes JMP 000000001000ac90 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006f614f0f 5 bytes JMP 000000001000ac50 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006f614f7b 5 bytes JMP 000000001000ac10 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006f619054 5 bytes JMP 000000001000ad10 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006f61adf9 5 bytes JMP 000000001000abe0 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006f6352e8 5 bytes JMP 000000001000acd0 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006f63535f 5 bytes JMP 000000001000acf0 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006f6359cc 5 bytes JMP 000000001000ae40 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006f635a6a 5 bytes JMP 000000001000aec0 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006f635ad7 5 bytes JMP 000000001000af00 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006f635b5b 5 bytes JMP 000000001000af40 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006f635bba 5 bytes JMP 000000001000af80 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006f635bee 5 bytes JMP 000000001000b000 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006f635c22 5 bytes JMP 000000001000b060 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3840] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006f635c67 5 bytes JMP 000000001000b0d0 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3840] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000069fc7e3d 5 bytes JMP 000000001000a690 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3840] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000069ffde69 5 bytes JMP 000000001000a770 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3840] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a00d2c5 5 bytes JMP 000000001000a8a0 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3840] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a00d371 5 bytes JMP 000000001000a990 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3840] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a00d429 5 bytes JMP 000000001000aa80 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3912] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075039d0b 5 bytes JMP 000000001000a4d0 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3912] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075039d4e 5 bytes JMP 000000001000a630 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3912] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006f61451e 5 bytes JMP 000000001000ab40 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3912] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006f614b6d 5 bytes JMP 000000001000abb0 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3912] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006f614bf2 5 bytes JMP 000000001000ac90 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3912] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006f614f0f 5 bytes JMP 000000001000ac50 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3912] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006f614f7b 5 bytes JMP 000000001000ac10 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3912] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006f619054 5 bytes JMP 000000001000ad10 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3912] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006f61adf9 5 bytes JMP 000000001000abe0 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3912] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006f6352e8 5 bytes JMP 000000001000acd0 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3912] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006f63535f 5 bytes JMP 000000001000acf0 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3912] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006f6359cc 5 bytes JMP 000000001000ae40 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3912] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006f635a6a 5 bytes JMP 000000001000aec0 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3912] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006f635ad7 5 bytes JMP 000000001000af00 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3912] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006f635b5b 5 bytes JMP 000000001000af40 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3912] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006f635bba 5 bytes JMP 000000001000af80 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3912] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006f635bee 5 bytes JMP 000000001000b000 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3912] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006f635c22 5 bytes JMP 000000001000b060 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3912] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006f635c67 5 bytes JMP 000000001000b0d0 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3912] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000069fc7e3d 5 bytes JMP 000000001000a690 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3912] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000069ffde69 5 bytes JMP 000000001000a770 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3912] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a00d2c5 5 bytes JMP 000000001000a8a0 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3912] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a00d371 5 bytes JMP 000000001000a990 .text C:\Users\Remek\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe[3912] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a00d429 5 bytes JMP 000000001000aa80 .text C:\Windows\SysWOW64\PnkBstrA.exe[4164] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073121a22 2 bytes [12, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[4164] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073121ad0 2 bytes [12, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[4164] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073121b08 2 bytes [12, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[4164] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073121bba 2 bytes [12, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[4164] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073121bda 2 bytes [12, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074b31465 2 bytes [B3, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074b314bb 2 bytes [B3, 74] .text ... * 2 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[4484] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000074b31465 2 bytes [B3, 74] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[4484] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000074b314bb 2 bytes [B3, 74] .text ... * 2 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f01360 5 bytes JMP 0000000077060480 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f013b0 5 bytes JMP 0000000077060470 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f01510 5 bytes JMP 0000000077060360 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f01560 5 bytes JMP 0000000077060490 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f01570 5 bytes JMP 00000000770603d0 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f01620 5 bytes JMP 0000000077060310 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f01650 5 bytes JMP 00000000770603a0 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f01670 5 bytes JMP 0000000077060380 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f016b0 5 bytes JMP 00000000770602d0 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f01730 1 byte JMP 00000000770602c0 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076f01732 3 bytes {JMP 0x17} .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f01750 5 bytes JMP 0000000077060300 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f01790 5 bytes JMP 00000000770603b0 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f017d0 5 bytes JMP 0000000077060440 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f017e0 5 bytes JMP 00000000770603e0 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f01940 5 bytes JMP 0000000077060220 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f01b00 5 bytes JMP 00000000770604a0 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f01b30 5 bytes JMP 0000000077060390 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f01c10 5 bytes JMP 00000000770602e0 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f01c20 5 bytes JMP 0000000077060340 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f01c80 5 bytes JMP 0000000077060280 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f01d10 1 byte JMP 00000000770602a0 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076f01d12 3 bytes {JMP 0x15e590} .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f01d30 1 byte JMP 00000000770603c0 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076f01d32 3 bytes {JMP 0x15e690} .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f01d40 5 bytes JMP 0000000077060320 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f01db0 5 bytes JMP 0000000077060410 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f01de0 5 bytes JMP 0000000077060230 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f01f80 5 bytes JMP 00000000770603f0 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f020a0 5 bytes JMP 00000000770601d0 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f02160 5 bytes JMP 0000000077060240 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f02190 5 bytes JMP 00000000770604b0 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f021a0 5 bytes JMP 00000000770604c0 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f021d0 5 bytes JMP 00000000770602f0 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f021e0 5 bytes JMP 0000000077060350 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f02240 5 bytes JMP 0000000077060290 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f02290 5 bytes JMP 00000000770602b0 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f022c0 5 bytes JMP 0000000077060370 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f022d0 5 bytes JMP 0000000077060330 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f025c0 5 bytes JMP 0000000077060460 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076f02720 5 bytes JMP 0000000077060420 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f027c0 1 byte JMP 0000000077060250 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076f027c2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f027d0 1 byte JMP 0000000077060260 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076f027d2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f027e0 5 bytes JMP 0000000077060400 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f029a0 5 bytes JMP 00000000770601e0 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f029b0 5 bytes JMP 0000000077060200 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f02a20 5 bytes JMP 00000000770601f0 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f02a80 5 bytes JMP 0000000077060430 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f02a90 5 bytes JMP 0000000077060450 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f02aa0 5 bytes JMP 0000000077060210 .text C:\Windows\system32\wbem\wmiprvse.exe[6028] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f02b80 5 bytes JMP 0000000077060270 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6796] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075039d0b 5 bytes JMP 000000001000a4d0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6796] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075039d4e 5 bytes JMP 000000001000a630 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6796] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006f61451e 5 bytes JMP 000000001000ab40 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6796] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006f614b6d 5 bytes JMP 000000001000abb0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6796] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006f614bf2 5 bytes JMP 000000001000ac90 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6796] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006f614f0f 5 bytes JMP 000000001000ac50 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6796] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006f614f7b 5 bytes JMP 000000001000ac10 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6796] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006f619054 5 bytes JMP 000000001000ad10 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6796] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006f61adf9 5 bytes JMP 000000001000abe0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6796] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006f6352e8 5 bytes JMP 000000001000acd0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6796] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006f63535f 5 bytes JMP 000000001000acf0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6796] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006f6359cc 5 bytes JMP 000000001000ae40 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6796] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006f635a6a 5 bytes JMP 000000001000aec0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6796] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006f635ad7 5 bytes JMP 000000001000af00 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6796] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006f635b5b 5 bytes JMP 000000001000af40 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6796] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006f635bba 5 bytes JMP 000000001000af80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6796] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006f635bee 5 bytes JMP 000000001000b000 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6796] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006f635c22 5 bytes JMP 000000001000b060 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6796] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006f635c67 5 bytes JMP 000000001000b0d0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6796] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000069fc7e3d 5 bytes JMP 000000001000a690 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6796] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000069ffde69 5 bytes JMP 000000001000a770 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6796] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a00d2c5 5 bytes JMP 000000001000a8a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6796] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a00d371 5 bytes JMP 000000001000a990 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6796] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a00d429 5 bytes JMP 000000001000aa80 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f01360 5 bytes JMP 0000000077060480 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f013b0 5 bytes JMP 0000000077060470 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f01510 5 bytes JMP 0000000077060360 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f01560 5 bytes JMP 0000000077060490 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f01570 5 bytes JMP 00000000770603d0 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f01620 5 bytes JMP 0000000077060310 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f01650 5 bytes JMP 00000000770603a0 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f01670 5 bytes JMP 0000000077060380 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f016b0 5 bytes JMP 00000000770602d0 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f01730 1 byte JMP 00000000770602c0 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076f01732 3 bytes {JMP 0x17} .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f01750 5 bytes JMP 0000000077060300 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f01790 5 bytes JMP 00000000770603b0 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f017d0 5 bytes JMP 0000000077060440 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f017e0 5 bytes JMP 00000000770603e0 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f01940 5 bytes JMP 0000000077060220 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f01b00 5 bytes JMP 00000000770604a0 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f01b30 5 bytes JMP 0000000077060390 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f01c10 5 bytes JMP 00000000770602e0 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f01c20 5 bytes JMP 0000000077060340 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f01c80 5 bytes JMP 0000000077060280 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f01d10 1 byte JMP 00000000770602a0 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076f01d12 3 bytes {JMP 0x15e590} .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f01d30 1 byte JMP 00000000770603c0 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076f01d32 3 bytes {JMP 0x15e690} .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f01d40 5 bytes JMP 0000000077060320 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f01db0 5 bytes JMP 0000000077060410 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f01de0 5 bytes JMP 0000000077060230 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f01f80 5 bytes JMP 00000000770603f0 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f020a0 5 bytes JMP 00000000770601d0 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f02160 5 bytes JMP 0000000077060240 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f02190 5 bytes JMP 00000000770604b0 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f021a0 5 bytes JMP 00000000770604c0 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f021d0 5 bytes JMP 00000000770602f0 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f021e0 5 bytes JMP 0000000077060350 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f02240 5 bytes JMP 0000000077060290 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f02290 5 bytes JMP 00000000770602b0 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f022c0 5 bytes JMP 0000000077060370 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f022d0 5 bytes JMP 0000000077060330 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f025c0 5 bytes JMP 0000000077060460 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076f02720 5 bytes JMP 0000000077060420 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f027c0 1 byte JMP 0000000077060250 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076f027c2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f027d0 1 byte JMP 0000000077060260 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076f027d2 3 bytes {JMP 0x15da90} .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f027e0 5 bytes JMP 0000000077060400 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f029a0 5 bytes JMP 00000000770601e0 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f029b0 5 bytes JMP 0000000077060200 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f02a20 5 bytes JMP 00000000770601f0 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f02a80 5 bytes JMP 0000000077060430 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f02a90 5 bytes JMP 0000000077060450 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f02aa0 5 bytes JMP 0000000077060210 .text C:\Windows\system32\svchost.exe[5924] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f02b80 5 bytes JMP 0000000077060270 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f01360 5 bytes JMP 0000000077060480 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f013b0 5 bytes JMP 0000000077060470 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f01510 5 bytes JMP 0000000077060360 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f01560 5 bytes JMP 0000000077060490 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f01570 5 bytes JMP 00000000770603d0 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f01620 5 bytes JMP 0000000077060310 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f01650 5 bytes JMP 00000000770603a0 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f01670 5 bytes JMP 0000000077060380 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f016b0 5 bytes JMP 00000000770602d0 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f01730 1 byte JMP 00000000770602c0 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000076f01732 3 bytes {JMP 0x17} .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f01750 5 bytes JMP 0000000077060300 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f01790 5 bytes JMP 00000000770603b0 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076f017d0 5 bytes JMP 0000000077060440 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f017e0 5 bytes JMP 00000000770603e0 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f01940 5 bytes JMP 0000000077060220 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f01b00 5 bytes JMP 00000000770604a0 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f01b30 5 bytes JMP 0000000077060390 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f01c10 5 bytes JMP 00000000770602e0 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f01c20 5 bytes JMP 0000000077060340 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f01c80 5 bytes JMP 0000000077060280 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f01d10 1 byte JMP 00000000770602a0 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000076f01d12 3 bytes {JMP 0x15e590} .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f01d30 1 byte JMP 00000000770603c0 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000076f01d32 3 bytes {JMP 0x15e690} .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f01d40 5 bytes JMP 0000000077060320 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f01db0 5 bytes JMP 0000000077060410 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f01de0 5 bytes JMP 0000000077060230 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076f01f80 5 bytes JMP 00000000770603f0 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f020a0 5 bytes JMP 00000000770601d0 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f02160 5 bytes JMP 0000000077060240 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f02190 5 bytes JMP 00000000770604b0 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f021a0 5 bytes JMP 00000000770604c0 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f021d0 5 bytes JMP 00000000770602f0 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f021e0 5 bytes JMP 0000000077060350 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f02240 5 bytes JMP 0000000077060290 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f02290 5 bytes JMP 00000000770602b0 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f022c0 5 bytes JMP 0000000077060370 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f022d0 5 bytes JMP 0000000077060330 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f025c0 5 bytes JMP 0000000077060460 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076f02720 5 bytes JMP 0000000077060420 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f027c0 1 byte JMP 0000000077060250 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000076f027c2 3 bytes {JMP 0x15da90} .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f027d0 1 byte JMP 0000000077060260 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000076f027d2 3 bytes {JMP 0x15da90} .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f027e0 5 bytes JMP 0000000077060400 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f029a0 5 bytes JMP 00000000770601e0 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f029b0 5 bytes JMP 0000000077060200 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f02a20 5 bytes JMP 00000000770601f0 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f02a80 5 bytes JMP 0000000077060430 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f02a90 5 bytes JMP 0000000077060450 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f02aa0 5 bytes JMP 0000000077060210 .text C:\Windows\System32\svchost.exe[3048] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f02b80 5 bytes JMP 0000000077060270 .text C:\Users\Remek\AppData\Local\Temp\Rar$EXa0.877\gmer.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006f61451e 5 bytes JMP 000000001000ab40 .text C:\Users\Remek\AppData\Local\Temp\Rar$EXa0.877\gmer.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006f614b6d 5 bytes JMP 000000001000abb0 .text C:\Users\Remek\AppData\Local\Temp\Rar$EXa0.877\gmer.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006f614bf2 5 bytes JMP 000000001000ac90 .text C:\Users\Remek\AppData\Local\Temp\Rar$EXa0.877\gmer.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006f614f0f 5 bytes JMP 000000001000ac50 .text C:\Users\Remek\AppData\Local\Temp\Rar$EXa0.877\gmer.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006f614f7b 5 bytes JMP 000000001000ac10 .text C:\Users\Remek\AppData\Local\Temp\Rar$EXa0.877\gmer.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006f619054 5 bytes JMP 000000001000ad10 .text C:\Users\Remek\AppData\Local\Temp\Rar$EXa0.877\gmer.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006f61adf9 5 bytes JMP 000000001000abe0 .text C:\Users\Remek\AppData\Local\Temp\Rar$EXa0.877\gmer.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006f6352e8 5 bytes JMP 000000001000acd0 .text C:\Users\Remek\AppData\Local\Temp\Rar$EXa0.877\gmer.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006f63535f 5 bytes JMP 000000001000acf0 .text C:\Users\Remek\AppData\Local\Temp\Rar$EXa0.877\gmer.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006f6359cc 5 bytes JMP 000000001000ae40 .text C:\Users\Remek\AppData\Local\Temp\Rar$EXa0.877\gmer.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006f635a6a 5 bytes JMP 000000001000aec0 .text C:\Users\Remek\AppData\Local\Temp\Rar$EXa0.877\gmer.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006f635ad7 5 bytes JMP 000000001000af00 .text C:\Users\Remek\AppData\Local\Temp\Rar$EXa0.877\gmer.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006f635b5b 5 bytes JMP 000000001000af40 .text C:\Users\Remek\AppData\Local\Temp\Rar$EXa0.877\gmer.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006f635bba 5 bytes JMP 000000001000af80 .text C:\Users\Remek\AppData\Local\Temp\Rar$EXa0.877\gmer.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006f635bee 5 bytes JMP 000000001000b000 .text C:\Users\Remek\AppData\Local\Temp\Rar$EXa0.877\gmer.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006f635c22 5 bytes JMP 000000001000b060 .text C:\Users\Remek\AppData\Local\Temp\Rar$EXa0.877\gmer.exe[1088] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006f635c67 5 bytes JMP 000000001000b0d0 .text C:\Users\Remek\AppData\Local\Temp\Rar$EXa0.877\gmer.exe[1088] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000069fc7e3d 5 bytes JMP 000000001000a690 .text C:\Users\Remek\AppData\Local\Temp\Rar$EXa0.877\gmer.exe[1088] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 0000000069ffde69 5 bytes JMP 000000001000a770 .text C:\Users\Remek\AppData\Local\Temp\Rar$EXa0.877\gmer.exe[1088] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 000000006a00d2c5 5 bytes JMP 000000001000a8a0 .text C:\Users\Remek\AppData\Local\Temp\Rar$EXa0.877\gmer.exe[1088] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 000000006a00d371 5 bytes JMP 000000001000a990 .text C:\Users\Remek\AppData\Local\Temp\Rar$EXa0.877\gmer.exe[1088] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 000000006a00d429 5 bytes JMP 000000001000aa80 .text C:\Users\Remek\AppData\Local\Temp\Rar$EXa0.877\gmer.exe[1088] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075039d0b 5 bytes JMP 000000001000a4d0 .text C:\Users\Remek\AppData\Local\Temp\Rar$EXa0.877\gmer.exe[1088] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075039d4e 5 bytes JMP 000000001000a630 ---- Kernel IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff880010a8e94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff880010a8c38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff880010a9654] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff880010a9a50] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010a98ac] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.2 ---- Device \Driver\af6q5bhb \Device\Scsi\af6q5bhb1 fffffa8009bf72c0 Device \Driver\af6q5bhb \Device\Scsi\af6q5bhb1Port2Path0Target0Lun0 fffffa8009bf72c0 Device \FileSystem\Ntfs \Ntfs fffffa8006b342c0 Device \Driver\iaStorA \Device\0000007a fffffa80069ba2c0 Device \Driver\iaStorA \Device\00000078 fffffa80069ba2c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa8009ba02c0 Device \Driver\iaStorA \Device\RaidPort0 fffffa80069ba2c0 Device \Driver\cdrom \Device\CdRom0 fffffa80074c62c0 Device \Driver\AsrRamDisk \Device\RaidPort1 fffffa8006b302c0 Device \Driver\cdrom \Device\CdRom1 fffffa80074c62c0 Device \Driver\cdrom \Device\CdRom2 fffffa80074c62c0 Device \Driver\iaStorA \Device\00000079 fffffa80069ba2c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa8009ba02c0 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa800741e2c0 Device \Driver\dtsoftbus01 \Device\00000081 fffffa800741e2c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa8009ba02c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80074ca2c0 Device \Driver\iaStorA \Device\ScsiPort0 fffffa80069ba2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{303995A0-DED4-4C2E-A4D7-2EBE89C36945} fffffa80074ca2c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa8009ba02c0 Device \Driver\AsrRamDisk \Device\ScsiPort1 fffffa8006b302c0 Device \Driver\af6q5bhb \Device\ScsiPort2 fffffa8009bf72c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{08BF66DC-8A58-44A4-A525-1FEF72BFC683} fffffa80074ca2c0 ---- Trace I/O - GMER 2.2 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys >>UNKNOWN [0xfffffa80069ba2c0]<< sptd.sys storport.sys hal.dll iaStorA.sys fffffa80069ba2c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80073ba060] fffffa80073ba060 Trace 3 CLASSPNP.SYS[fffff880015c743f] -> nt!IofCallDriver -> [0xfffffa8007021c50] fffffa8007021c50 Trace 5 iaStorF.sys[fffff88001beaf84] -> nt!IofCallDriver -> \Device\00000079[0xfffffa8006ca59c0] fffffa8006ca59c0 Trace \Driver\iaStorA[0xfffffa8006bf84c0] -> IRP_MJ_CREATE -> 0xfffffa80069ba2c0 fffffa80069ba2c0 ---- Modules - GMER 2.2 ---- Module \SystemRoot\System32\Drivers\af6q5bhb.SYS fffff88008065000-fffff880080b6000 (331776 bytes) ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\ControlSet001\services\ngvss\Parameters@asserts ????s????????????????????U?e?e?g?h?h???h?????????????i????????????\??????z??????? ???????????????e??????????????????????SysClass.Dll,CriticalDeviceCoInstaller????????b????????????????e??????????????????n??????k???????????????????????n??%m??DCTWV 1UF0PM7 SCSI CdRom Device?????????????????????Port_#0006.Hub_#0001?????????????5??????????????????????????????????B????z????????????????????????????????N??????D????D8-0??????????@volsnap.inf,%msft%;Microsoft???????????????????????????????{0??disk??????????????????????N??????0?????DV_??????????????????? l??????????????~??????t???? ???????g??????0e???????????z???????????????????????????????????????????y???????????????&????@??????e???e????(??????0??00??? ??w????e??????1(??????????????????????????dl???k??X????????????????????I????????????????J??????3??????2&???$???????????????????????????????????????n??????????? .??????F?????002???????????y??ud???????????o??go??disk.inf????? ?????????????w?????s??????????N???????????????0???Display?????? ???/??????????????{745a17a0-74d3- Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD6 0xEC 0xB3 0xE3 ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x60 0x07 0x22 0xED ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x22 0x4F 0x15 0x6C ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5F 0xDB 0x4F 0x30 ... Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x3A 0xFB 0x52 0x57 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD6 0xEC 0xB3 0xE3 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x33 0x65 0xA3 0xB4 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x22 0x4F 0x15 0x6C ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x45 0x8F 0x0F 0x14 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x3A 0xFB 0x52 0x57 ... Reg HKLM\SYSTEM\CurrentControlSet\services\WmiApRpl\Performance@Object List 62254 62260 62270 62280 62300 62344 62354 62392 62398 62414 62422 62428 Reg HKLM\SYSTEM\CurrentControlSet\services\WmiApRpl\Performance@Last Counter 62440 Reg HKLM\SYSTEM\CurrentControlSet\services\WmiApRpl\Performance@Last Help 62441 Reg HKLM\SYSTEM\CurrentControlSet\services\WmiApRpl\Performance@First Counter 62254 Reg HKLM\SYSTEM\CurrentControlSet\services\WmiApRpl\Performance@First Help 62255 Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD6 0xEC 0xB3 0xE3 ... Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x33 0x65 0xA3 0xB4 ... Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x22 0x4F 0x15 0x6C ... Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x45 0x8F 0x0F 0x14 ... Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x3A 0xFB 0x52 0x57 ... ---- EOF - GMER 2.2 ----