Old June 6th, 2013, 02:08 AM
SirSnoop SirSnoop is offline
Senior Member
 
Join Date: Apr 2006
O/S: Windows 7 64-bit
Age: 35
Posts: 566
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000076fb0400
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Windows\system32\lsass.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e513c0 5 bytes JMP 0000000100070470
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000100070460
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000100070370
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e515c0 5 bytes JMP 0000000100070480
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000100070320
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000100070390
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000100070440
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000100070310
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000100070230
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0xffffffff8921e890}
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b60 5 bytes JMP 0000000100070490
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b90 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000100070350
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000100070290
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000100070330
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0xffffffff8921e590}
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000100070410
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000100070240
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000100070250
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0xffffffff8921e090}
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e52200 5 bytes JMP 00000001000704b0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000100070300
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000100070360
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000100070380
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000100070340
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000100070450
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000100070260
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000100070270
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000100070400
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e52a00 5 bytes JMP 00000001000701f0
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e52a10 5 bytes JMP 0000000100070210
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000100070200
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000100070420
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000100070430
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000100070220
.text C:\Windows\system32\lsm.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000100070280
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e513c0 5 bytes JMP 0000000076fb0470
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 0000000076fb03e0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000076fb0400
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Windows\system32\svchost.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Windows\system32\svchost.exe[688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076d3eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e513c0 5 bytes JMP 0000000076fb0470
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e51410 5 bytes JMP 0000000076fb0460
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e51570 5 bytes JMP 0000000076fb0370
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e515c0 5 bytes JMP 0000000076fb0480
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e515d0 5 bytes JMP 0000000076fb03e0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e51680 5 bytes JMP 0000000076fb0320
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e516b0 5 bytes JMP 0000000076fb03b0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e516d0 5 bytes JMP 0000000076fb0390
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e51710 5 bytes JMP 0000000076fb02e0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076e51760 5 bytes JMP 0000000076fb0440
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e51790 5 bytes JMP 0000000076fb02d0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e517b0 5 bytes JMP 0000000076fb0310
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e517f0 5 bytes JMP 0000000076fb03c0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e51840 5 bytes JMP 0000000076fb03f0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e519a0 1 byte JMP 0000000076fb0230
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 0000000076e519a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e51b60 5 bytes JMP 0000000076fb0490
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e51b90 5 bytes JMP 0000000076fb03a0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e51c70 5 bytes JMP 0000000076fb02f0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e51c80 5 bytes JMP 0000000076fb0350
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e51ce0 5 bytes JMP 0000000076fb0290
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e51d70 5 bytes JMP 0000000076fb02b0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e51d90 5 bytes JMP 0000000076fb03d0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e51da0 1 byte JMP 0000000076fb0330
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000076e51da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e51e10 5 bytes JMP 0000000076fb0410
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e51e40 5 bytes JMP 0000000076fb0240
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e52100 5 bytes JMP 0000000076fb01e0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e521c0 1 byte JMP 0000000076fb0250
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 0000000076e521c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e521f0 5 bytes JMP 0000000076fb04a0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e52200 5 bytes JMP 0000000076fb04b0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e52230 5 bytes JMP 0000000076fb0300
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e52240 5 bytes JMP 0000000076fb0360
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e522a0 5 bytes JMP 0000000076fb02a0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e522f0 5 bytes JMP 0000000076fb02c0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e52320 5 bytes JMP 0000000076fb0380
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e52330 5 bytes JMP 0000000076fb0340
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e52620 5 bytes JMP 0000000076fb0450
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e52820 5 bytes JMP 0000000076fb0260
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e52830 5 bytes JMP 0000000076fb0270
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e52840 5 bytes JMP 0000000076fb0400
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e52a00 5 bytes JMP 0000000076fb01f0
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e52a10 5 bytes JMP 0000000076fb0210
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e52a80 5 bytes JMP 0000000076fb0200
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e52ae0 5 bytes JMP 0000000076fb0420
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e52af0 5 bytes JMP 0000000076fb0430
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e52b00 5 bytes JMP 0000000076fb0220
.text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e52be0 5 bytes JMP 0000000076fb0280
.text C:\Windows\System32\svchost.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e513c0 5 bytes JMP 0000000076fb0470