GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-03-13 22:23:02 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0003 298,09GB Running: cwljrbcc.exe; Driver: C:\Users\Ewa\AppData\Local\Temp\uxriipow.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b4da60 5 bytes JMP 0000000049e40480 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b4dab0 5 bytes JMP 0000000049e40470 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b4dc10 5 bytes JMP 0000000049e40360 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b4dc60 5 bytes JMP 0000000049e40490 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b4dc70 5 bytes JMP 0000000049e403d0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b4dd20 5 bytes JMP 0000000049e40310 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b4dd50 5 bytes JMP 0000000049e403a0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b4dd70 5 bytes JMP 0000000049e40380 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b4ddb0 5 bytes JMP 0000000049e402d0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b4de30 1 byte JMP 0000000049e402c0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077b4de32 3 bytes {JMP 0xffffffffd22f2490} .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b4de50 5 bytes JMP 0000000049e40300 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b4de90 5 bytes JMP 0000000049e403b0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b4ded0 5 bytes JMP 0000000049e40440 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b4dee0 5 bytes JMP 0000000049e403e0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b4e040 5 bytes JMP 0000000049e40220 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b4e200 5 bytes JMP 0000000049e404a0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b4e230 5 bytes JMP 0000000049e40390 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b4e310 5 bytes JMP 0000000049e402e0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b4e320 5 bytes JMP 0000000049e40340 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b4e380 5 bytes JMP 0000000049e40280 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b4e410 1 byte JMP 0000000049e402a0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077b4e412 3 bytes {JMP 0xffffffffd22f1e90} .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b4e430 1 byte JMP 0000000049e403c0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077b4e432 3 bytes {JMP 0xffffffffd22f1f90} .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b4e440 5 bytes JMP 0000000049e40320 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b4e4b0 5 bytes JMP 0000000049e40410 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b4e4e0 5 bytes JMP 0000000049e40230 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b4e680 5 bytes JMP 0000000049e403f0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b4e7a0 5 bytes JMP 0000000049e401d0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b4e860 5 bytes JMP 0000000049e40240 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b4e890 5 bytes JMP 0000000049e404b0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b4e8a0 5 bytes JMP 0000000049e404c0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b4e8d0 5 bytes JMP 0000000049e402f0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b4e8e0 5 bytes JMP 0000000049e40350 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b4e940 5 bytes JMP 0000000049e40290 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b4e990 5 bytes JMP 0000000049e402b0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b4e9c0 5 bytes JMP 0000000049e40370 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b4e9d0 5 bytes JMP 0000000049e40330 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b4ecc0 5 bytes JMP 0000000049e40460 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b4ee20 5 bytes JMP 0000000049e40420 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b4eec0 1 byte JMP 0000000049e40250 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077b4eec2 3 bytes {JMP 0xffffffffd22f1390} .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b4eed0 1 byte JMP 0000000049e40260 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077b4eed2 3 bytes {JMP 0xffffffffd22f1390} .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b4eee0 5 bytes JMP 0000000049e40400 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b4f0a0 5 bytes JMP 0000000049e401e0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b4f0b0 5 bytes JMP 0000000049e40200 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b4f120 5 bytes JMP 0000000049e401f0 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b4f180 5 bytes JMP 0000000049e40430 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b4f190 5 bytes JMP 0000000049e40450 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b4f1a0 5 bytes JMP 0000000049e40210 .text C:\Windows\system32\csrss.exe[476] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b4f280 5 bytes JMP 0000000049e40270 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b4da60 5 bytes JMP 0000000077cb0480 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b4dab0 5 bytes JMP 0000000077cb0470 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b4dc10 5 bytes JMP 0000000077cb0360 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b4dc60 5 bytes JMP 0000000077cb0490 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b4dc70 5 bytes JMP 0000000077cb03d0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b4dd20 5 bytes JMP 0000000077cb0310 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b4dd50 5 bytes JMP 0000000077cb03a0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b4dd70 5 bytes JMP 0000000077cb0380 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b4ddb0 5 bytes JMP 0000000077cb02d0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b4de30 1 byte JMP 0000000077cb02c0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077b4de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b4de50 5 bytes JMP 0000000077cb0300 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b4de90 5 bytes JMP 0000000077cb03b0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b4ded0 5 bytes JMP 0000000077cb0440 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b4dee0 5 bytes JMP 0000000077cb03e0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b4e040 5 bytes JMP 0000000077cb0220 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b4e200 5 bytes JMP 0000000077cb04a0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b4e230 5 bytes JMP 0000000077cb0390 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b4e310 5 bytes JMP 0000000077cb02e0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b4e320 5 bytes JMP 0000000077cb0340 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b4e380 5 bytes JMP 0000000077cb0280 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b4e410 1 byte JMP 0000000077cb02a0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077b4e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b4e430 1 byte JMP 0000000077cb03c0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077b4e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b4e440 5 bytes JMP 0000000077cb0320 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b4e4b0 5 bytes JMP 0000000077cb0410 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b4e4e0 5 bytes JMP 0000000077cb0230 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b4e680 5 bytes JMP 0000000077cb03f0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b4e7a0 5 bytes JMP 0000000077cb01d0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b4e860 5 bytes JMP 0000000077cb0240 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b4e890 5 bytes JMP 0000000077cb04b0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b4e8a0 5 bytes JMP 0000000077cb04c0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b4e8d0 5 bytes JMP 0000000077cb02f0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b4e8e0 5 bytes JMP 0000000077cb0350 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b4e940 5 bytes JMP 0000000077cb0290 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b4e990 5 bytes JMP 0000000077cb02b0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b4e9c0 5 bytes JMP 0000000077cb0370 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b4e9d0 5 bytes JMP 0000000077cb0330 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b4ecc0 5 bytes JMP 0000000077cb0460 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b4ee20 5 bytes JMP 0000000077cb0420 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b4eec0 1 byte JMP 0000000077cb0250 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077b4eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b4eed0 1 byte JMP 0000000077cb0260 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077b4eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b4eee0 5 bytes JMP 0000000077cb0400 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b4f0a0 5 bytes JMP 0000000077cb01e0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b4f0b0 5 bytes JMP 0000000077cb0200 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b4f120 5 bytes JMP 0000000077cb01f0 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b4f180 5 bytes JMP 0000000077cb0430 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b4f190 5 bytes JMP 0000000077cb0450 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b4f1a0 5 bytes JMP 0000000077cb0210 .text C:\Windows\system32\services.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b4f280 5 bytes JMP 0000000077cb0270 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b4da60 5 bytes JMP 0000000077cb0480 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b4dab0 5 bytes JMP 0000000077cb0470 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b4dc10 5 bytes JMP 0000000077cb0360 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b4dc60 5 bytes JMP 0000000077cb0490 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b4dc70 5 bytes JMP 0000000077cb03d0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b4dd20 5 bytes JMP 0000000077cb0310 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b4dd50 5 bytes JMP 0000000077cb03a0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b4dd70 5 bytes JMP 0000000077cb0380 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b4ddb0 5 bytes JMP 0000000077cb02d0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b4de30 1 byte JMP 0000000077cb02c0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077b4de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b4de50 5 bytes JMP 0000000077cb0300 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b4de90 5 bytes JMP 0000000077cb03b0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b4ded0 5 bytes JMP 0000000077cb0440 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b4dee0 5 bytes JMP 0000000077cb03e0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b4e040 5 bytes JMP 0000000077cb0220 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b4e200 5 bytes JMP 0000000077cb04a0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b4e230 5 bytes JMP 0000000077cb0390 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b4e310 5 bytes JMP 0000000077cb02e0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b4e320 5 bytes JMP 0000000077cb0340 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b4e380 5 bytes JMP 0000000077cb0280 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b4e410 1 byte JMP 0000000077cb02a0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077b4e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b4e430 1 byte JMP 0000000077cb03c0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077b4e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b4e440 5 bytes JMP 0000000077cb0320 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b4e4b0 5 bytes JMP 0000000077cb0410 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b4e4e0 5 bytes JMP 0000000077cb0230 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b4e680 5 bytes JMP 0000000077cb03f0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b4e7a0 5 bytes JMP 0000000077cb01d0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b4e860 5 bytes JMP 0000000077cb0240 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b4e890 5 bytes JMP 0000000077cb04b0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b4e8a0 5 bytes JMP 0000000077cb04c0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b4e8d0 5 bytes JMP 0000000077cb02f0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b4e8e0 5 bytes JMP 0000000077cb0350 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b4e940 5 bytes JMP 0000000077cb0290 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b4e990 5 bytes JMP 0000000077cb02b0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b4e9c0 5 bytes JMP 0000000077cb0370 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b4e9d0 5 bytes JMP 0000000077cb0330 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b4ecc0 5 bytes JMP 0000000077cb0460 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b4ee20 5 bytes JMP 0000000077cb0420 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b4eec0 1 byte JMP 0000000077cb0250 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077b4eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b4eed0 1 byte JMP 0000000077cb0260 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077b4eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b4eee0 5 bytes JMP 0000000077cb0400 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b4f0a0 5 bytes JMP 0000000077cb01e0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b4f0b0 5 bytes JMP 0000000077cb0200 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b4f120 5 bytes JMP 0000000077cb01f0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b4f180 5 bytes JMP 0000000077cb0430 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b4f190 5 bytes JMP 0000000077cb0450 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b4f1a0 5 bytes JMP 0000000077cb0210 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b4f280 5 bytes JMP 0000000077cb0270 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b4da60 5 bytes JMP 0000000077cb0480 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b4dab0 5 bytes JMP 0000000077cb0470 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b4dc10 5 bytes JMP 0000000077cb0360 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b4dc60 5 bytes JMP 0000000077cb0490 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b4dc70 5 bytes JMP 0000000077cb03d0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b4dd20 5 bytes JMP 0000000077cb0310 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b4dd50 5 bytes JMP 0000000077cb03a0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b4dd70 5 bytes JMP 0000000077cb0380 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b4ddb0 5 bytes JMP 0000000077cb02d0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b4de30 1 byte JMP 0000000077cb02c0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077b4de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b4de50 5 bytes JMP 0000000077cb0300 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b4de90 5 bytes JMP 0000000077cb03b0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b4ded0 5 bytes JMP 0000000077cb0440 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b4dee0 5 bytes JMP 0000000077cb03e0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b4e040 5 bytes JMP 0000000077cb0220 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b4e200 5 bytes JMP 0000000077cb04a0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b4e230 5 bytes JMP 0000000077cb0390 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b4e310 5 bytes JMP 0000000077cb02e0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b4e320 5 bytes JMP 0000000077cb0340 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b4e380 5 bytes JMP 0000000077cb0280 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b4e410 1 byte JMP 0000000077cb02a0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077b4e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b4e430 1 byte JMP 0000000077cb03c0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077b4e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b4e440 5 bytes JMP 0000000077cb0320 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b4e4b0 5 bytes JMP 0000000077cb0410 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b4e4e0 5 bytes JMP 0000000077cb0230 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b4e680 5 bytes JMP 0000000077cb03f0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b4e7a0 5 bytes JMP 0000000077cb01d0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b4e860 5 bytes JMP 0000000077cb0240 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b4e890 5 bytes JMP 0000000077cb04b0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b4e8a0 5 bytes JMP 0000000077cb04c0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b4e8d0 5 bytes JMP 0000000077cb02f0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b4e8e0 5 bytes JMP 0000000077cb0350 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b4e940 5 bytes JMP 0000000077cb0290 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b4e990 5 bytes JMP 0000000077cb02b0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b4e9c0 5 bytes JMP 0000000077cb0370 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b4e9d0 5 bytes JMP 0000000077cb0330 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b4ecc0 5 bytes JMP 0000000077cb0460 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b4ee20 5 bytes JMP 0000000077cb0420 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b4eec0 1 byte JMP 0000000077cb0250 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077b4eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b4eed0 1 byte JMP 0000000077cb0260 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077b4eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b4eee0 5 bytes JMP 0000000077cb0400 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b4f0a0 5 bytes JMP 0000000077cb01e0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b4f0b0 5 bytes JMP 0000000077cb0200 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b4f120 5 bytes JMP 0000000077cb01f0 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b4f180 5 bytes JMP 0000000077cb0430 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b4f190 5 bytes JMP 0000000077cb0450 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b4f1a0 5 bytes JMP 0000000077cb0210 .text C:\Windows\system32\svchost.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b4f280 5 bytes JMP 0000000077cb0270 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b4da60 5 bytes JMP 0000000077cb0480 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b4dab0 5 bytes JMP 0000000077cb0470 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b4dc10 5 bytes JMP 0000000077cb0360 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b4dc60 5 bytes JMP 0000000077cb0490 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b4dc70 5 bytes JMP 0000000077cb03d0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b4dd20 5 bytes JMP 0000000077cb0310 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b4dd50 5 bytes JMP 0000000077cb03a0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b4dd70 5 bytes JMP 0000000077cb0380 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b4ddb0 5 bytes JMP 0000000077cb02d0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b4de30 1 byte JMP 0000000077cb02c0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077b4de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b4de50 5 bytes JMP 0000000077cb0300 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b4de90 5 bytes JMP 0000000077cb03b0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b4ded0 5 bytes JMP 0000000077cb0440 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b4dee0 5 bytes JMP 0000000077cb03e0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b4e040 5 bytes JMP 0000000077cb0220 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b4e200 5 bytes JMP 0000000077cb04a0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b4e230 5 bytes JMP 0000000077cb0390 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b4e310 5 bytes JMP 0000000077cb02e0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b4e320 5 bytes JMP 0000000077cb0340 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b4e380 5 bytes JMP 0000000077cb0280 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b4e410 1 byte JMP 0000000077cb02a0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077b4e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b4e430 1 byte JMP 0000000077cb03c0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077b4e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b4e440 5 bytes JMP 0000000077cb0320 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b4e4b0 5 bytes JMP 0000000077cb0410 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b4e4e0 5 bytes JMP 0000000077cb0230 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b4e680 5 bytes JMP 0000000077cb03f0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b4e7a0 5 bytes JMP 0000000077cb01d0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b4e860 5 bytes JMP 0000000077cb0240 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b4e890 5 bytes JMP 0000000077cb04b0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b4e8a0 5 bytes JMP 0000000077cb04c0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b4e8d0 5 bytes JMP 0000000077cb02f0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b4e8e0 5 bytes JMP 0000000077cb0350 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b4e940 5 bytes JMP 0000000077cb0290 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b4e990 5 bytes JMP 0000000077cb02b0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b4e9c0 5 bytes JMP 0000000077cb0370 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b4e9d0 5 bytes JMP 0000000077cb0330 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b4ecc0 5 bytes JMP 0000000077cb0460 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b4ee20 5 bytes JMP 0000000077cb0420 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b4eec0 1 byte JMP 0000000077cb0250 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077b4eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b4eed0 1 byte JMP 0000000077cb0260 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077b4eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b4eee0 5 bytes JMP 0000000077cb0400 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b4f0a0 5 bytes JMP 0000000077cb01e0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b4f0b0 5 bytes JMP 0000000077cb0200 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b4f120 5 bytes JMP 0000000077cb01f0 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b4f180 5 bytes JMP 0000000077cb0430 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b4f190 5 bytes JMP 0000000077cb0450 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b4f1a0 5 bytes JMP 0000000077cb0210 .text C:\Windows\system32\svchost.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b4f280 5 bytes JMP 0000000077cb0270 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b4da60 5 bytes JMP 0000000077cb0480 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b4dab0 5 bytes JMP 0000000077cb0470 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b4dc10 5 bytes JMP 0000000077cb0360 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b4dc60 5 bytes JMP 0000000077cb0490 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b4dc70 5 bytes JMP 0000000077cb03d0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b4dd20 5 bytes JMP 0000000077cb0310 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b4dd50 5 bytes JMP 0000000077cb03a0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b4dd70 5 bytes JMP 0000000077cb0380 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b4ddb0 5 bytes JMP 0000000077cb02d0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b4de30 1 byte JMP 0000000077cb02c0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077b4de32 3 bytes {JMP 0x162490} .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b4de50 5 bytes JMP 0000000077cb0300 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b4de90 5 bytes JMP 0000000077cb03b0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b4ded0 5 bytes JMP 0000000077cb0440 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b4dee0 5 bytes JMP 0000000077cb03e0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b4e040 5 bytes JMP 0000000077cb0220 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b4e200 5 bytes JMP 0000000077cb04a0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b4e230 5 bytes JMP 0000000077cb0390 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b4e310 5 bytes JMP 0000000077cb02e0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b4e320 5 bytes JMP 0000000077cb0340 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b4e380 5 bytes JMP 0000000077cb0280 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b4e410 1 byte JMP 0000000077cb02a0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077b4e412 3 bytes {JMP 0x161e90} .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b4e430 1 byte JMP 0000000077cb03c0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077b4e432 3 bytes {JMP 0x161f90} .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b4e440 5 bytes JMP 0000000077cb0320 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b4e4b0 5 bytes JMP 0000000077cb0410 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b4e4e0 5 bytes JMP 0000000077cb0230 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b4e680 5 bytes JMP 0000000077cb03f0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b4e7a0 5 bytes JMP 0000000077cb01d0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b4e860 5 bytes JMP 0000000077cb0240 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b4e890 5 bytes JMP 0000000077cb04b0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b4e8a0 5 bytes JMP 0000000077cb04c0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b4e8d0 5 bytes JMP 0000000077cb02f0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b4e8e0 5 bytes JMP 0000000077cb0350 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b4e940 5 bytes JMP 0000000077cb0290 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b4e990 5 bytes JMP 0000000077cb02b0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b4e9c0 5 bytes JMP 0000000077cb0370 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b4e9d0 5 bytes JMP 0000000077cb0330 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b4ecc0 5 bytes JMP 0000000077cb0460 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b4ee20 5 bytes JMP 0000000077cb0420 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b4eec0 1 byte JMP 0000000077cb0250 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077b4eec2 3 bytes {JMP 0x161390} .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b4eed0 1 byte JMP 0000000077cb0260 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077b4eed2 3 bytes {JMP 0x161390} .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b4eee0 5 bytes JMP 0000000077cb0400 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b4f0a0 5 bytes JMP 0000000077cb01e0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b4f0b0 5 bytes JMP 0000000077cb0200 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b4f120 5 bytes JMP 0000000077cb01f0 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b4f180 5 bytes JMP 0000000077cb0430 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b4f190 5 bytes JMP 0000000077cb0450 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b4f1a0 5 bytes JMP 0000000077cb0210 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b4f280 5 bytes JMP 0000000077cb0270 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b4da60 5 bytes JMP 0000000077cb0480 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b4dab0 5 bytes JMP 0000000077cb0470 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b4dc10 5 bytes JMP 0000000077cb0360 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b4dc60 5 bytes JMP 0000000077cb0490 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b4dc70 5 bytes JMP 0000000077cb03d0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b4dd20 5 bytes JMP 0000000077cb0310 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b4dd50 5 bytes JMP 0000000077cb03a0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b4dd70 5 bytes JMP 0000000077cb0380 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b4ddb0 5 bytes JMP 0000000077cb02d0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b4de30 1 byte JMP 0000000077cb02c0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077b4de32 3 bytes {JMP 0x162490} .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b4de50 5 bytes JMP 0000000077cb0300 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b4de90 5 bytes JMP 0000000077cb03b0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b4ded0 5 bytes JMP 0000000077cb0440 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b4dee0 5 bytes JMP 0000000077cb03e0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b4e040 5 bytes JMP 0000000077cb0220 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b4e200 5 bytes JMP 0000000077cb04a0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b4e230 5 bytes JMP 0000000077cb0390 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b4e310 5 bytes JMP 0000000077cb02e0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b4e320 5 bytes JMP 0000000077cb0340 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b4e380 5 bytes JMP 0000000077cb0280 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b4e410 1 byte JMP 0000000077cb02a0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077b4e412 3 bytes {JMP 0x161e90} .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b4e430 1 byte JMP 0000000077cb03c0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077b4e432 3 bytes {JMP 0x161f90} .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b4e440 5 bytes JMP 0000000077cb0320 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b4e4b0 5 bytes JMP 0000000077cb0410 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b4e4e0 5 bytes JMP 0000000077cb0230 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b4e680 5 bytes JMP 0000000077cb03f0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b4e7a0 5 bytes JMP 0000000077cb01d0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b4e860 5 bytes JMP 0000000077cb0240 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b4e890 5 bytes JMP 0000000077cb04b0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b4e8a0 5 bytes JMP 0000000077cb04c0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b4e8d0 5 bytes JMP 0000000077cb02f0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b4e8e0 5 bytes JMP 0000000077cb0350 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b4e940 5 bytes JMP 0000000077cb0290 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b4e990 5 bytes JMP 0000000077cb02b0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b4e9c0 5 bytes JMP 0000000077cb0370 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b4e9d0 5 bytes JMP 0000000077cb0330 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b4ecc0 5 bytes JMP 0000000077cb0460 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b4ee20 5 bytes JMP 0000000077cb0420 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b4eec0 1 byte JMP 0000000077cb0250 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077b4eec2 3 bytes {JMP 0x161390} .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b4eed0 1 byte JMP 0000000077cb0260 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077b4eed2 3 bytes {JMP 0x161390} .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b4eee0 5 bytes JMP 0000000077cb0400 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b4f0a0 5 bytes JMP 0000000077cb01e0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b4f0b0 5 bytes JMP 0000000077cb0200 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b4f120 5 bytes JMP 0000000077cb01f0 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b4f180 5 bytes JMP 0000000077cb0430 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b4f190 5 bytes JMP 0000000077cb0450 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b4f1a0 5 bytes JMP 0000000077cb0210 .text C:\Windows\System32\svchost.exe[108] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b4f280 5 bytes JMP 0000000077cb0270 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b4da60 5 bytes JMP 0000000000070480 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b4dab0 5 bytes JMP 0000000000070470 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b4dc10 5 bytes JMP 0000000000070360 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b4dc60 5 bytes JMP 0000000000070490 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b4dc70 5 bytes JMP 00000000000703d0 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b4dd20 5 bytes JMP 0000000000070310 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b4dd50 5 bytes JMP 00000000000703a0 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b4dd70 5 bytes JMP 0000000000070380 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b4ddb0 5 bytes JMP 00000000000702d0 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b4de30 1 byte JMP 00000000000702c0 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077b4de32 3 bytes {JMP 0xffffffff88522490} .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b4de50 5 bytes JMP 0000000000070300 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b4de90 5 bytes JMP 00000000000703b0 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b4ded0 5 bytes JMP 0000000000070440 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b4dee0 5 bytes JMP 00000000000703e0 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b4e040 5 bytes JMP 0000000000070220 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b4e200 5 bytes JMP 00000000000704a0 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b4e230 5 bytes JMP 0000000000070390 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b4e310 5 bytes JMP 00000000000702e0 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b4e320 5 bytes JMP 0000000000070340 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b4e380 5 bytes JMP 0000000000070280 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b4e410 1 byte JMP 00000000000702a0 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077b4e412 3 bytes {JMP 0xffffffff88521e90} .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b4e430 1 byte JMP 00000000000703c0 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077b4e432 3 bytes {JMP 0xffffffff88521f90} .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b4e440 5 bytes JMP 0000000000070320 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b4e4b0 5 bytes JMP 0000000000070410 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b4e4e0 5 bytes JMP 0000000000070230 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b4e680 5 bytes JMP 00000000000703f0 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b4e7a0 5 bytes JMP 00000000000701d0 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b4e860 5 bytes JMP 0000000000070240 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b4e890 5 bytes JMP 00000000000704b0 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b4e8a0 5 bytes JMP 00000000000704c0 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b4e8d0 5 bytes JMP 00000000000702f0 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b4e8e0 5 bytes JMP 0000000000070350 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b4e940 5 bytes JMP 0000000000070290 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b4e990 5 bytes JMP 00000000000702b0 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b4e9c0 5 bytes JMP 0000000000070370 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b4e9d0 5 bytes JMP 0000000000070330 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b4ecc0 5 bytes JMP 0000000000070460 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b4ee20 5 bytes JMP 0000000000070420 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b4eec0 1 byte JMP 0000000000070250 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077b4eec2 3 bytes {JMP 0xffffffff88521390} .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b4eed0 1 byte JMP 0000000000070260 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077b4eed2 3 bytes {JMP 0xffffffff88521390} .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b4eee0 5 bytes JMP 0000000000070400 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b4f0a0 5 bytes JMP 00000000000701e0 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b4f0b0 5 bytes JMP 0000000000070200 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b4f120 5 bytes JMP 00000000000701f0 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b4f180 5 bytes JMP 0000000000070430 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b4f190 5 bytes JMP 0000000000070450 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b4f1a0 5 bytes JMP 0000000000070210 .text C:\Windows\system32\svchost.exe[372] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b4f280 5 bytes JMP 0000000000070270 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b4da60 5 bytes JMP 0000000000070480 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b4dab0 5 bytes JMP 0000000000070470 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b4dc10 5 bytes JMP 0000000000070360 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b4dc60 5 bytes JMP 0000000000070490 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b4dc70 5 bytes JMP 00000000000703d0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b4dd20 5 bytes JMP 0000000000070310 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b4dd50 5 bytes JMP 00000000000703a0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b4dd70 5 bytes JMP 0000000000070380 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b4ddb0 5 bytes JMP 00000000000702d0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b4de30 1 byte JMP 00000000000702c0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077b4de32 3 bytes {JMP 0xffffffff88522490} .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b4de50 5 bytes JMP 0000000000070300 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b4de90 5 bytes JMP 00000000000703b0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b4ded0 5 bytes JMP 0000000000070440 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b4dee0 5 bytes JMP 00000000000703e0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b4e040 5 bytes JMP 0000000000070220 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b4e200 5 bytes JMP 00000000000704a0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b4e230 5 bytes JMP 0000000000070390 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b4e310 5 bytes JMP 00000000000702e0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b4e320 5 bytes JMP 0000000000070340 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b4e380 5 bytes JMP 0000000000070280 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b4e410 1 byte JMP 00000000000702a0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077b4e412 3 bytes {JMP 0xffffffff88521e90} .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b4e430 1 byte JMP 00000000000703c0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077b4e432 3 bytes {JMP 0xffffffff88521f90} .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b4e440 5 bytes JMP 0000000000070320 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b4e4b0 5 bytes JMP 0000000000070410 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b4e4e0 5 bytes JMP 0000000000070230 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b4e680 5 bytes JMP 00000000000703f0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b4e7a0 5 bytes JMP 00000000000701d0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b4e860 5 bytes JMP 0000000000070240 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b4e890 5 bytes JMP 00000000000704b0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b4e8a0 5 bytes JMP 00000000000704c0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b4e8d0 5 bytes JMP 00000000000702f0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b4e8e0 5 bytes JMP 0000000000070350 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b4e940 5 bytes JMP 0000000000070290 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b4e990 5 bytes JMP 00000000000702b0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b4e9c0 5 bytes JMP 0000000000070370 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b4e9d0 5 bytes JMP 0000000000070330 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b4ecc0 5 bytes JMP 0000000000070460 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b4ee20 5 bytes JMP 0000000000070420 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b4eec0 1 byte JMP 0000000000070250 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077b4eec2 3 bytes {JMP 0xffffffff88521390} .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b4eed0 1 byte JMP 0000000000070260 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077b4eed2 3 bytes {JMP 0xffffffff88521390} .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b4eee0 5 bytes JMP 0000000000070400 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b4f0a0 5 bytes JMP 00000000000701e0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b4f0b0 5 bytes JMP 0000000000070200 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b4f120 5 bytes JMP 00000000000701f0 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b4f180 5 bytes JMP 0000000000070430 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b4f190 5 bytes JMP 0000000000070450 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b4f1a0 5 bytes JMP 0000000000070210 .text C:\Windows\system32\svchost.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b4f280 5 bytes JMP 0000000000070270 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b4da60 5 bytes JMP 0000000077cb0480 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b4dab0 5 bytes JMP 0000000077cb0470 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b4dc10 5 bytes JMP 0000000077cb0360 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b4dc60 5 bytes JMP 0000000077cb0490 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b4dc70 5 bytes JMP 0000000077cb03d0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b4dd20 5 bytes JMP 0000000077cb0310 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b4dd50 5 bytes JMP 0000000077cb03a0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b4dd70 5 bytes JMP 0000000077cb0380 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b4ddb0 5 bytes JMP 0000000077cb02d0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b4de30 1 byte JMP 0000000077cb02c0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077b4de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b4de50 5 bytes JMP 0000000077cb0300 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b4de90 5 bytes JMP 0000000077cb03b0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b4ded0 5 bytes JMP 0000000077cb0440 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b4dee0 5 bytes JMP 0000000077cb03e0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b4e040 5 bytes JMP 0000000077cb0220 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b4e200 5 bytes JMP 0000000077cb04a0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b4e230 5 bytes JMP 0000000077cb0390 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b4e310 5 bytes JMP 0000000077cb02e0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b4e320 5 bytes JMP 0000000077cb0340 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b4e380 5 bytes JMP 0000000077cb0280 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b4e410 1 byte JMP 0000000077cb02a0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077b4e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b4e430 1 byte JMP 0000000077cb03c0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077b4e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b4e440 5 bytes JMP 0000000077cb0320 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b4e4b0 5 bytes JMP 0000000077cb0410 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b4e4e0 5 bytes JMP 0000000077cb0230 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b4e680 5 bytes JMP 0000000077cb03f0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b4e7a0 5 bytes JMP 0000000077cb01d0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b4e860 5 bytes JMP 0000000077cb0240 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b4e890 5 bytes JMP 0000000077cb04b0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b4e8a0 5 bytes JMP 0000000077cb04c0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b4e8d0 5 bytes JMP 0000000077cb02f0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b4e8e0 5 bytes JMP 0000000077cb0350 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b4e940 5 bytes JMP 0000000077cb0290 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b4e990 5 bytes JMP 0000000077cb02b0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b4e9c0 5 bytes JMP 0000000077cb0370 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b4e9d0 5 bytes JMP 0000000077cb0330 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b4ecc0 5 bytes JMP 0000000077cb0460 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b4ee20 5 bytes JMP 0000000077cb0420 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b4eec0 1 byte JMP 0000000077cb0250 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077b4eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b4eed0 1 byte JMP 0000000077cb0260 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077b4eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b4eee0 5 bytes JMP 0000000077cb0400 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b4f0a0 5 bytes JMP 0000000077cb01e0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b4f0b0 5 bytes JMP 0000000077cb0200 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b4f120 5 bytes JMP 0000000077cb01f0 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b4f180 5 bytes JMP 0000000077cb0430 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b4f190 5 bytes JMP 0000000077cb0450 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b4f1a0 5 bytes JMP 0000000077cb0210 .text C:\Windows\system32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b4f280 5 bytes JMP 0000000077cb0270 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b4da60 5 bytes JMP 0000000000070480 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b4dab0 5 bytes JMP 0000000000070470 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b4dc10 5 bytes JMP 0000000000070360 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b4dc60 5 bytes JMP 0000000000070490 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b4dc70 5 bytes JMP 00000000000703d0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b4dd20 5 bytes JMP 0000000000070310 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b4dd50 5 bytes JMP 00000000000703a0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b4dd70 5 bytes JMP 0000000000070380 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b4ddb0 5 bytes JMP 00000000000702d0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b4de30 1 byte JMP 00000000000702c0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077b4de32 3 bytes {JMP 0xffffffff88522490} .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b4de50 5 bytes JMP 0000000000070300 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b4de90 5 bytes JMP 00000000000703b0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b4ded0 5 bytes JMP 0000000000070440 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b4dee0 5 bytes JMP 00000000000703e0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b4e040 5 bytes JMP 0000000000070220 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b4e200 5 bytes JMP 00000000000704a0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b4e230 5 bytes JMP 0000000000070390 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b4e310 5 bytes JMP 00000000000702e0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b4e320 5 bytes JMP 0000000000070340 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b4e380 5 bytes JMP 0000000000070280 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b4e410 1 byte JMP 00000000000702a0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077b4e412 3 bytes {JMP 0xffffffff88521e90} .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b4e430 1 byte JMP 00000000000703c0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077b4e432 3 bytes {JMP 0xffffffff88521f90} .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b4e440 5 bytes JMP 0000000000070320 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b4e4b0 5 bytes JMP 0000000000070410 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b4e4e0 5 bytes JMP 0000000000070230 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b4e680 5 bytes JMP 00000000000703f0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b4e7a0 5 bytes JMP 00000000000701d0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b4e860 5 bytes JMP 0000000000070240 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b4e890 5 bytes JMP 00000000000704b0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b4e8a0 5 bytes JMP 00000000000704c0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b4e8d0 5 bytes JMP 00000000000702f0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b4e8e0 5 bytes JMP 0000000000070350 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b4e940 5 bytes JMP 0000000000070290 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b4e990 5 bytes JMP 00000000000702b0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b4e9c0 5 bytes JMP 0000000000070370 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b4e9d0 5 bytes JMP 0000000000070330 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b4ecc0 5 bytes JMP 0000000000070460 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b4ee20 5 bytes JMP 0000000000070420 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b4eec0 1 byte JMP 0000000000070250 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077b4eec2 3 bytes {JMP 0xffffffff88521390} .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b4eed0 1 byte JMP 0000000000070260 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077b4eed2 3 bytes {JMP 0xffffffff88521390} .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b4eee0 5 bytes JMP 0000000000070400 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b4f0a0 5 bytes JMP 00000000000701e0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b4f0b0 5 bytes JMP 0000000000070200 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b4f120 5 bytes JMP 00000000000701f0 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b4f180 5 bytes JMP 0000000000070430 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b4f190 5 bytes JMP 0000000000070450 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b4f1a0 5 bytes JMP 0000000000070210 .text C:\Windows\Explorer.EXE[1488] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b4f280 5 bytes JMP 0000000000070270 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b4da60 5 bytes JMP 0000000077cb0480 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b4dab0 5 bytes JMP 0000000077cb0470 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b4dc10 5 bytes JMP 0000000077cb0360 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b4dc60 5 bytes JMP 0000000077cb0490 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b4dc70 5 bytes JMP 0000000077cb03d0 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b4dd20 5 bytes JMP 0000000077cb0310 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b4dd50 5 bytes JMP 0000000077cb03a0 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b4dd70 5 bytes JMP 0000000077cb0380 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b4ddb0 5 bytes JMP 0000000077cb02d0 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b4de30 1 byte JMP 0000000077cb02c0 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077b4de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b4de50 5 bytes JMP 0000000077cb0300 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b4de90 5 bytes JMP 0000000077cb03b0 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b4ded0 5 bytes JMP 0000000077cb0440 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b4dee0 5 bytes JMP 0000000077cb03e0 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b4e040 5 bytes JMP 0000000077cb0220 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b4e200 5 bytes JMP 0000000077cb04a0 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b4e230 5 bytes JMP 0000000077cb0390 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b4e310 5 bytes JMP 0000000077cb02e0 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b4e320 5 bytes JMP 0000000077cb0340 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b4e380 5 bytes JMP 0000000077cb0280 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b4e410 1 byte JMP 0000000077cb02a0 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077b4e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b4e430 1 byte JMP 0000000077cb03c0 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077b4e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b4e440 5 bytes JMP 0000000077cb0320 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b4e4b0 5 bytes JMP 0000000077cb0410 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b4e4e0 5 bytes JMP 0000000077cb0230 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b4e680 5 bytes JMP 0000000077cb03f0 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b4e7a0 5 bytes JMP 0000000077cb01d0 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b4e860 5 bytes JMP 0000000077cb0240 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b4e890 5 bytes JMP 0000000077cb04b0 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b4e8a0 5 bytes JMP 0000000077cb04c0 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b4e8d0 5 bytes JMP 0000000077cb02f0 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b4e8e0 5 bytes JMP 0000000077cb0350 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b4e940 5 bytes JMP 0000000077cb0290 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b4e990 5 bytes JMP 0000000077cb02b0 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b4e9c0 5 bytes JMP 0000000077cb0370 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b4e9d0 5 bytes JMP 0000000077cb0330 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b4ecc0 5 bytes JMP 0000000077cb0460 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b4ee20 5 bytes JMP 0000000077cb0420 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b4eec0 1 byte JMP 0000000077cb0250 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077b4eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b4eed0 1 byte JMP 0000000077cb0260 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077b4eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b4eee0 5 bytes JMP 0000000077cb0400 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b4f0a0 5 bytes JMP 0000000077cb01e0 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b4f0b0 5 bytes JMP 0000000077cb0200 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b4f120 5 bytes JMP 0000000077cb01f0 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b4f180 5 bytes JMP 0000000077cb0430 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b4f190 5 bytes JMP 0000000077cb0450 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b4f1a0 5 bytes JMP 0000000077cb0210 .text C:\Windows\system32\svchost.exe[1692] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b4f280 5 bytes JMP 0000000077cb0270 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b4da60 5 bytes JMP 0000000077cb0480 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b4dab0 5 bytes JMP 0000000077cb0470 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b4dc10 5 bytes JMP 0000000077cb0360 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b4dc60 5 bytes JMP 0000000077cb0490 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b4dc70 5 bytes JMP 0000000077cb03d0 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b4dd20 5 bytes JMP 0000000077cb0310 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b4dd50 5 bytes JMP 0000000077cb03a0 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b4dd70 5 bytes JMP 0000000077cb0380 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b4ddb0 5 bytes JMP 0000000077cb02d0 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b4de30 1 byte JMP 0000000077cb02c0 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077b4de32 3 bytes {JMP 0x162490} .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b4de50 5 bytes JMP 0000000077cb0300 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b4de90 5 bytes JMP 0000000077cb03b0 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b4ded0 5 bytes JMP 0000000077cb0440 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b4dee0 5 bytes JMP 0000000077cb03e0 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b4e040 5 bytes JMP 0000000077cb0220 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b4e200 5 bytes JMP 0000000077cb04a0 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b4e230 5 bytes JMP 0000000077cb0390 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b4e310 5 bytes JMP 0000000077cb02e0 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b4e320 5 bytes JMP 0000000077cb0340 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b4e380 5 bytes JMP 0000000077cb0280 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b4e410 1 byte JMP 0000000077cb02a0 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077b4e412 3 bytes {JMP 0x161e90} .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b4e430 1 byte JMP 0000000077cb03c0 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077b4e432 3 bytes {JMP 0x161f90} .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b4e440 5 bytes JMP 0000000077cb0320 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b4e4b0 5 bytes JMP 0000000077cb0410 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b4e4e0 5 bytes JMP 0000000077cb0230 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b4e680 5 bytes JMP 0000000077cb03f0 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b4e7a0 5 bytes JMP 0000000077cb01d0 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b4e860 5 bytes JMP 0000000077cb0240 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b4e890 5 bytes JMP 0000000077cb04b0 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b4e8a0 5 bytes JMP 0000000077cb04c0 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b4e8d0 5 bytes JMP 0000000077cb02f0 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b4e8e0 5 bytes JMP 0000000077cb0350 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b4e940 5 bytes JMP 0000000077cb0290 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b4e990 5 bytes JMP 0000000077cb02b0 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b4e9c0 5 bytes JMP 0000000077cb0370 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b4e9d0 5 bytes JMP 0000000077cb0330 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b4ecc0 5 bytes JMP 0000000077cb0460 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b4ee20 5 bytes JMP 0000000077cb0420 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b4eec0 1 byte JMP 0000000077cb0250 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077b4eec2 3 bytes {JMP 0x161390} .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b4eed0 1 byte JMP 0000000077cb0260 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077b4eed2 3 bytes {JMP 0x161390} .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b4eee0 5 bytes JMP 0000000077cb0400 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b4f0a0 5 bytes JMP 0000000077cb01e0 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b4f0b0 5 bytes JMP 0000000077cb0200 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b4f120 5 bytes JMP 0000000077cb01f0 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b4f180 5 bytes JMP 0000000077cb0430 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b4f190 5 bytes JMP 0000000077cb0450 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b4f1a0 5 bytes JMP 0000000077cb0210 .text C:\Windows\System32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b4f280 5 bytes JMP 0000000077cb0270 .text C:\Program Files\AVAST Software\Avast\avastui.exe[452] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000769c8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077b4da60 5 bytes JMP 0000000077cb0480 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077b4dab0 5 bytes JMP 0000000077cb0470 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077b4dc10 5 bytes JMP 0000000077cb0360 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077b4dc60 5 bytes JMP 0000000077cb0490 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077b4dc70 5 bytes JMP 0000000077cb03d0 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077b4dd20 5 bytes JMP 0000000077cb0310 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077b4dd50 5 bytes JMP 0000000077cb03a0 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077b4dd70 5 bytes JMP 0000000077cb0380 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077b4ddb0 5 bytes JMP 0000000077cb02d0 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077b4de30 1 byte JMP 0000000077cb02c0 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 2 0000000077b4de32 3 bytes {JMP 0x162490} .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077b4de50 5 bytes JMP 0000000077cb0300 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077b4de90 5 bytes JMP 0000000077cb03b0 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077b4ded0 5 bytes JMP 0000000077cb0440 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077b4dee0 5 bytes JMP 0000000077cb03e0 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077b4e040 5 bytes JMP 0000000077cb0220 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077b4e200 5 bytes JMP 0000000077cb04a0 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077b4e230 5 bytes JMP 0000000077cb0390 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077b4e310 5 bytes JMP 0000000077cb02e0 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077b4e320 5 bytes JMP 0000000077cb0340 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077b4e380 5 bytes JMP 0000000077cb0280 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077b4e410 1 byte JMP 0000000077cb02a0 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore + 2 0000000077b4e412 3 bytes {JMP 0x161e90} .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077b4e430 1 byte JMP 0000000077cb03c0 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 2 0000000077b4e432 3 bytes {JMP 0x161f90} .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077b4e440 5 bytes JMP 0000000077cb0320 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077b4e4b0 5 bytes JMP 0000000077cb0410 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077b4e4e0 5 bytes JMP 0000000077cb0230 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077b4e680 5 bytes JMP 0000000077cb03f0 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077b4e7a0 5 bytes JMP 0000000077cb01d0 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077b4e860 5 bytes JMP 0000000077cb0240 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077b4e890 5 bytes JMP 0000000077cb04b0 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b4e8a0 5 bytes JMP 0000000077cb04c0 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077b4e8d0 5 bytes JMP 0000000077cb02f0 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077b4e8e0 5 bytes JMP 0000000077cb0350 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077b4e940 5 bytes JMP 0000000077cb0290 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077b4e990 5 bytes JMP 0000000077cb02b0 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077b4e9c0 5 bytes JMP 0000000077cb0370 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077b4e9d0 5 bytes JMP 0000000077cb0330 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077b4ecc0 5 bytes JMP 0000000077cb0460 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000077b4ee20 5 bytes JMP 0000000077cb0420 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077b4eec0 1 byte JMP 0000000077cb0250 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 0000000077b4eec2 3 bytes {JMP 0x161390} .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077b4eed0 1 byte JMP 0000000077cb0260 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 0000000077b4eed2 3 bytes {JMP 0x161390} .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077b4eee0 5 bytes JMP 0000000077cb0400 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077b4f0a0 5 bytes JMP 0000000077cb01e0 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077b4f0b0 5 bytes JMP 0000000077cb0200 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077b4f120 5 bytes JMP 0000000077cb01f0 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077b4f180 5 bytes JMP 0000000077cb0430 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077b4f190 5 bytes JMP 0000000077cb0450 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077b4f1a0 5 bytes JMP 0000000077cb0210 .text C:\Windows\system32\AUDIODG.EXE[9976] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077b4f280 5 bytes JMP 0000000077cb0270 .text C:\Program Files\Internet Explorer\iexplore.exe[10876] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077b23250 6 bytes {NOP ; JMP 0xffffffff8872d50c} .text C:\Program Files\Internet Explorer\iexplore.exe[10876] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077b26dc0 6 bytes {NOP ; JMP 0xffffffff887295e4} .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11080] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d1f33b 5 bytes JMP 000000005dde01f8 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11080] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077d23b8c 5 bytes JMP 000000005dde03fc .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11376] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077d1f33b 5 bytes JMP 000000000b8301f8 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[11376] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077d23b8c 5 bytes JMP 000000000b8303fc ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\advapi32.DLL[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\shell32.DLL[USER32.dll!MessageBoxW] [7fee9fb6840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\shell32.DLL[USER32.dll!DialogBoxParamW] [7fee9fb62b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\shell32.DLL[USER32.dll!MessageBoxIndirectW] [7fee9f90750] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\shell32.DLL[USER32.dll!EnableWindow] [7fee9f7ef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamW] [7fee9fb62b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamA] [7fee9fb61b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!MessageBoxW] [7fee9fb6840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\iertutil.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\version.DLL[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\IEFRAME.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!EnableWindow] [7fee9f7ef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!DialogBoxParamW] [7fee9fb62b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!MessageBoxW] [7fee9fb6840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!MessageBoxIndirectW] [7fee9f90750] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\ole32.dll[USER32.dll!EnableWindow] [7fee9f7ef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\ole32.dll[USER32.dll!DialogBoxParamW] [7fee9fb62b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\ole32.dll[USER32.dll!MessageBoxW] [7fee9fb6840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!EnableWindow] [7fee9f7ef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!EnableWindow] [7fee9f7ef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!DialogBoxIndirectParamW] [7fee9fb60d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\urlmon.dll[USER32.dll!EnableWindow] [7fee9f7ef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\urlmon.dll[USER32.dll!DialogBoxParamW] [7fee9fb62b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\CLBCatQ.DLL[USER32.dll!DialogBoxParamW] [7fee9fb62b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\System32\netprofm.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Program Files\Internet Explorer\ieproxy.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\apphelp.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\IEUI.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\windowscodecs.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\oleacc.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\explorerframe.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\explorerframe.dll[USER32.dll!EnableWindow] [7fee9f7ef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\System32\fwpuclnt.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\WLDAP32.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!DialogBoxParamW] [7fee9fb62b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!EnableWindow] [7fee9f7ef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!MessageBoxW] [7fee9fb6840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\dxgi.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\schannel.DLL[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\bcrypt.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[10876] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!GetProcAddress] [7fee9f71c40] C:\Program Files\Internet Explorer\IEShims.dll ---- Threads - GMER 2.2 ---- Thread C:\Windows\System32\svchost.exe [108:1612] 000007fef9da59a0 Thread C:\Windows\System32\svchost.exe [108:1656] 000007fefd2b1a70 Thread C:\Windows\System32\svchost.exe [108:1844] 000007fef4a844d0 Thread C:\Windows\System32\svchost.exe [108:5520] 000007feed4a14a0 Thread C:\Windows\System32\svchost.exe [108:5748] 000007feed2fa2b0 Thread C:\Windows\System32\svchost.exe [108:5876] 000007fef08189b8 Thread C:\Windows\system32\svchost.exe [480:5884] 000007feebcb506c Thread C:\Windows\system32\svchost.exe [480:5296] 000007feebf81c20 Thread C:\Windows\system32\svchost.exe [480:4312] 000007feebf81c20 Thread C:\Windows\system32\svchost.exe [480:5156] 000007fef4c25124 Thread C:\Windows\system32\svchost.exe [480:6072] 000007fee9aea190 Thread C:\Windows\system32\svchost.exe [480:13060] 000007fef48517f8 Thread C:\Windows\system32\svchost.exe [480:10456] 000007fef48517f8 Thread C:\Windows\system32\svchost.exe [480:1236] 000007fefaf2b68c Thread C:\Windows\system32\svchost.exe [1060:1284] 000007fefba08274 Thread C:\Windows\system32\svchost.exe [1060:1428] 000007fefba08274 Thread C:\Windows\system32\svchost.exe [1140:1756] 000007fef9845170 Thread C:\Windows\system32\svchost.exe [1140:4880] 000007fef103bd70 Thread C:\Windows\system32\svchost.exe [1140:2484] 000007fef4c25124 Thread C:\Windows\system32\Dwm.exe [1464:1544] 000007fefaa3f110 Thread C:\Windows\system32\Dwm.exe [1464:1548] 000007fefa4dabf0 Thread C:\Windows\System32\spoolsv.exe [1112:3716] 0000000010005e20 Thread C:\Windows\System32\spoolsv.exe [1112:3764] 000007fef13e10c8 Thread C:\Windows\System32\spoolsv.exe [1112:3484] 000007fef13b6144 Thread C:\Windows\System32\spoolsv.exe [1112:3488] 000007fefaee5fd0 Thread C:\Windows\System32\spoolsv.exe [1112:3492] 000007fef11d3438 Thread C:\Windows\System32\spoolsv.exe [1112:3444] 000007fefaee63ec Thread C:\Windows\System32\spoolsv.exe [1112:2624] 000007fef14e5e5c Thread C:\Windows\System32\spoolsv.exe [1112:3296] 000007fef1468760 Thread C:\Windows\system32\svchost.exe [1692:2500] 000007fef7b835c0 Thread C:\Windows\system32\svchost.exe [1692:4280] 000007fef7b85600 Thread C:\Windows\system32\svchost.exe [1692:5560] 000007feed5c2888 Thread C:\Windows\system32\svchost.exe [1692:5588] 000007feed492940 Thread C:\Windows\system32\svchost.exe [5104:3204] 000007fef11d3438 Thread C:\Windows\system32\svchost.exe [5584:3084] 000007feebfa8470 Thread C:\Windows\system32\svchost.exe [5584:2464] 000007feebfb2418 Thread C:\Windows\system32\svchost.exe [5584:5012] 000007feec03f130 Thread C:\Windows\system32\svchost.exe [5584:13112] 000007feec034734 Thread C:\Windows\system32\svchost.exe [5584:12016] 000007feec034734 Thread C:\Windows\System32\svchost.exe [4796:3448] 000007feebe29688 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5732:5540] 000007fefbed2af8 Thread C:\Windows\system32\AUDIODG.EXE [9976:8216] 000000006ebb7350 Thread C:\Windows\system32\AUDIODG.EXE [9976:10176] 000000006eba57a4 Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [11376:13824] 000000005d6f39a0 Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [11376:15140] 000000005d6f39a0 Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [11376:13812] 000000005d6f39a0 Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [11376:11620] 000000005d6f39a0 Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [11376:13656] 000000005d6f39a0 Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [11376:13972] 000000005d6f39a0 Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [11376:12396] 000000005d6f39a0 Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [11376:12368] 000000005d6f39a0 Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [11376:9900] 000000005d6f39a0 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{C5D41914-4BFD-45C3-A578-4DB4F94F42EA}\Connection@Name isatap.{C04F8364-5451-4450-91A8-779EA1B5ED7B} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{272F5D8C-3D5B-4A87-A8D1-71F35764B818}?\Device\{F897DA5A-6126-4B32-9854-220DA431462D}?\Device\{C5D41914-4BFD-45C3-A578-4DB4F94F42EA}?\Device\{955058EF-7206-4D03-A3DC-405C560D1A30}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{272F5D8C-3D5B-4A87-A8D1-71F35764B818}"?"{F897DA5A-6126-4B32-9854-220DA431462D}"?"{C5D41914-4BFD-45C3-A578-4DB4F94F42EA}"?"{955058EF-7206-4D03-A3DC-405C560D1A30}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{272F5D8C-3D5B-4A87-A8D1-71F35764B818}?\Device\TCPIP6TUNNEL_{F897DA5A-6126-4B32-9854-220DA431462D}?\Device\TCPIP6TUNNEL_{C5D41914-4BFD-45C3-A578-4DB4F94F42EA}?\Device\TCPIP6TUNNEL_{955058EF-7206-4D03-A3DC-405C560D1A30}? Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{C5D41914-4BFD-45C3-A578-4DB4F94F42EA}@InterfaceName isatap.{C04F8364-5451-4450-91A8-779EA1B5ED7B} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{C5D41914-4BFD-45C3-A578-4DB4F94F42EA}@ReusableType 0 ---- Files - GMER 2.2 ---- File C:\ADSM_PData_0150 0 bytes File C:\ADSM_PData_0150\DB 0 bytes File C:\ADSM_PData_0150\DB\SI.db 624 bytes File C:\ADSM_PData_0150\DB\UL.db 16 bytes File C:\ADSM_PData_0150\DB\VL.db 16 bytes File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable File C:\ADSM_PData_0150\_avt 512 bytes File C:\Users\Ewa\AppData\Roaming\Microsoft\Windows\Cookies\Low\V0UGBF59.txt 190 bytes File C:\Windows\System32\Tasks\Microsoft\Windows Defender\MpIdleTask 3404 bytes ---- EOF - GMER 2.2 ----