Pests of all kinds and how to fight them: Adware.SpeedingUp virus, ad banners in Firefox

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
gmer 2

Code:
C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\windows\system32\atieclxx.exe[1236] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\windows\system32\atieclxx.exe[1236] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 
00000000777a13b0 5 bytes JMP 0000000077900450 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text 
C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\windows\system32\svchost.exe[1348] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 
0000000077900280 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\windows\System32\spoolsv.exe[1740] 
C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 
00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text 
C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\windows\System32\spoolsv.exe[1740] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\windows\system32\svchost.exe[1808] 
C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 
00000000777a2190 5 bytes JMP 0000000077900490 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text 
C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 |
| #2 |
| gmer 3 Code:
ATTFilter .text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\windows\system32\taskhost.exe[1936] 
C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text 
C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 
0000000077900290 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 
0000000077900340 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\windows\system32\Dwm.exe[3724] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077546440 5 bytes JMP 0000000169ff0038 .text C:\windows\system32\Dwm.exe[3724] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62] .text C:\windows\system32\Dwm.exe[3724] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 5 bytes JMP 000007fffd8100b8 .text C:\windows\system32\Dwm.exe[3724] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd82bfd0 5 
bytes JMP 000007fffd810038 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000100070460 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000100070450 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000100070370 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000100070470 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000001000703e0 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000100070320 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000001000703b0 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000100070390 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000001000702e0 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000001000702d0 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000100070310 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000001000703c0 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000001000703f0 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000100070230 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000100070480 .text 
C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000001000703a0 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000001000702f0 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000100070350 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000100070290 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000001000702b0 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000001000703d0 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000100070330 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000100070410 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000100070240 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000001000701e0 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000100070250 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000100070490 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000001000704a0 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000100070300 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000100070360 .text C:\windows\Explorer.EXE[3732] 
C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000001000702a0 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000001000702c0 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000100070380 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000100070340 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000100070440 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000100070260 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000100070270 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000100070400 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000001000701f0 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000100070210 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000100070200 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000100070420 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000100070430 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000100070220 .text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000100070280 .text C:\windows\Explorer.EXE[3732] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 
000000007758ef8d 1 byte [62] .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\windows\system32\svchost.exe[3828] 
C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 
00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text 
C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\Program 
Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text 
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\Program 
Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\Program 
Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent |
| #3 |
| gmer 4 | Code:
ATTFilter 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 
00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 
bytes JMP 0000000077900440 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 
0000000077900450 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text 
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\Program 
Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\Program 
Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\Program 
Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\Program 
Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\Program 
Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe[3940] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62] .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 
.text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 
.text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 
bytes JMP 00000000779001e0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 
00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[3428] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 
00000000777a1510 5 bytes JMP 0000000077900370 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 
00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 
00000000777a2190 5 bytes JMP 0000000077900490 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 
00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077546440 5 bytes JMP 0000000169ff0038 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 5 bytes JMP 000007fffd7f00b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd82bfd0 5 bytes JMP 000007fffd7f0038 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\system32\WINMM.dll!waveOutReset 000007fefb1da38c 5 bytes JMP 000007fefd7f02b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\system32\WINMM.dll!waveOutPause 000007fefb1f4b60 5 bytes JMP 
000007fefd7f0238 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefb1f4ba0 5 bytes JMP 000007fefd7f01b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4100] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefea37490 5 bytes JMP 000007fffd7f0138 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62] .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c21401 2 bytes JMP 7722b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c21419 2 bytes JMP 7722b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c21431 2 bytes JMP 772a8ea9 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c2144a 2 bytes CALL 772048ad C:\windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c214dd 2 bytes JMP 772a87a2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c214f5 2 bytes JMP 772a8978 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c2150d 2 bytes JMP 772a8698 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c21525 2 bytes JMP 772a8a62 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c2153d 2 bytes JMP 7721fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c21555 2 bytes JMP 772268ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c2156d 2 bytes JMP 772a8f61 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c21585 2 bytes JMP 772a8ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c2159d 2 bytes JMP 772a865c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c215b5 2 bytes JMP 7721fd41 
C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c215cd 2 bytes JMP 7722b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c216b2 2 bytes JMP 772a8e24 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe[4152] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c216bd 2 bytes JMP 772a85f1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] 
C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 
5 bytes JMP 0000000077900290 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\Program Files 
(x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] 
C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077546440 5 bytes JMP 0000000169ff0038 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 5 bytes JMP 000007fffd7f00b8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[4228] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd82bfd0 5 bytes JMP 000007fffd7f0038 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] 
C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\Program 
Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 
0000000077900430 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4356] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62] .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 
00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\Program Files\Logitech Gaming 
Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4388] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 
|
![]() | #4 |
![]() | ![]() gmer 5 Code:
Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\Program Files\Lenovo\Lenovo 
SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077546440 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62] .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 5 bytes JMP 000007fffd8100b8 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd82bfd0 5 bytes JMP 000007fffd810038 .text C:\Program Files\Lenovo\Lenovo 
SlideNav\SlidebarNavigator\SlideNavVDM.exe[4952] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefea37490 5 bytes JMP 000007fffd810138 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\windows\System32\svchost.exe[5104] 
C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 
00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text 
C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\windows\System32\svchost.exe[5104] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62] .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c21401 2 bytes JMP 7722b21b C:\windows\syswow64\kernel32.dll .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c21419 2 bytes JMP 7722b346 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c21431 2 bytes JMP 772a8ea9 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c2144a 2 bytes CALL 772048ad C:\windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c214dd 2 bytes JMP 772a87a2 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c214f5 2 bytes JMP 772a8978 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c2150d 2 bytes JMP 772a8698 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c21525 2 bytes JMP 772a8a62 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c2153d 2 bytes JMP 7721fca8 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c21555 2 bytes JMP 772268ef C:\windows\syswow64\kernel32.dll .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c2156d 2 bytes JMP 772a8f61 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c21585 2 bytes JMP 772a8ac2 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c2159d 2 bytes JMP 772a865c C:\windows\syswow64\kernel32.dll .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] 
C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c215b5 2 bytes JMP 7721fd41 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c215cd 2 bytes JMP 7722b2dc C:\windows\syswow64\kernel32.dll .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c216b2 2 bytes JMP 772a8e24 C:\windows\syswow64\kernel32.dll .text C:\ProgramData\{559aac06-3e54-c069-559a-aac063e5b018}\hqghumeaylnlf.exe[4288] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c216bd 2 bytes JMP 772a85f1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe[4272] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000772048db 5 bytes JMP 00000001100027c0 .text C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe[4272] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000772048f3 5 bytes JMP 00000001100028a0 .text C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe[4272] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000077204925 5 bytes JMP 0000000110002830 .text C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe[4272] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62] .text C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe[4272] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000756f9d0b 5 bytes JMP 0000000110002900 .text C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe[4272] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c21401 2 bytes JMP 7722b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe[4272] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c21419 2 bytes JMP 7722b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe[4272] 
C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c21431 2 bytes JMP 772a8ea9 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe[4272] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c2144a 2 bytes CALL 772048ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe[4272] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c214dd 2 bytes JMP 772a87a2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe[4272] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c214f5 2 bytes JMP 772a8978 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe[4272] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c2150d 2 bytes JMP 772a8698 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe[4272] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c21525 2 bytes JMP 772a8a62 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe[4272] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c2153d 2 bytes JMP 7721fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe[4272] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c21555 2 bytes JMP 772268ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe[4272] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c2156d 2 bytes JMP 772a8f61 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe[4272] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c21585 2 bytes JMP 772a8ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe[4272] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c2159d 2 bytes JMP 
772a865c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe[4272] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c215b5 2 bytes JMP 7721fd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe[4272] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c215cd 2 bytes JMP 7722b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe[4272] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c216b2 2 bytes JMP 772a8e24 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe[4272] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c216bd 2 bytes JMP 772a85f1 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4332] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000772048db 5 bytes JMP 00000001003927c0 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4332] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000772048f3 5 bytes JMP 00000001003928a0 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4332] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000077204925 5 bytes JMP 0000000100392830 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4332] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62] .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4332] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000756f9d0b 5 bytes JMP 0000000100392900 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4332] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c21401 2 bytes JMP 7722b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Lenovo 
SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4332] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c21419 2 bytes JMP 7722b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4332] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c21431 2 bytes JMP 772a8ea9 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4332] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c2144a 2 bytes CALL 772048ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4332] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c214dd 2 bytes JMP 772a87a2 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4332] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c214f5 2 bytes JMP 772a8978 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4332] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c2150d 2 bytes JMP 772a8698 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4332] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c21525 2 bytes JMP 772a8a62 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4332] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c2153d 2 bytes JMP 7721fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4332] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c21555 2 bytes JMP 772268ef C:\windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Lenovo 
SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4332] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c2156d 2 bytes JMP 772a8f61 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4332] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c21585 2 bytes JMP 772a8ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4332] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c2159d 2 bytes JMP 772a865c C:\windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4332] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c215b5 2 bytes JMP 7721fd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4332] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c215cd 2 bytes JMP 7722b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4332] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c216b2 2 bytes JMP 772a8e24 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[4332] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c216bd 2 bytes JMP 772a85f1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4652] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000772048db 5 bytes JMP 00000001002e27c0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4652] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000772048f3 5 bytes JMP 00000001002e28a0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4652] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000077204925 5 bytes JMP 00000001002e2830 .text C:\Program Files 
(x86)\Lenovo\VeriFace\PManage.exe[4652] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62] .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4652] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c21401 2 bytes JMP 7722b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4652] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c21419 2 bytes JMP 7722b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4652] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c21431 2 bytes JMP 772a8ea9 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4652] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c2144a 2 bytes CALL 772048ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4652] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c214dd 2 bytes JMP 772a87a2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4652] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c214f5 2 bytes JMP 772a8978 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4652] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c2150d 2 bytes JMP 772a8698 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4652] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c21525 2 bytes JMP 772a8a62 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4652] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c2153d 2 bytes JMP 7721fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4652] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c21555 2 bytes JMP 772268ef 
C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4652] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c2156d 2 bytes JMP 772a8f61 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4652] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c21585 2 bytes JMP 772a8ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4652] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c2159d 2 bytes JMP 772a865c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4652] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c215b5 2 bytes JMP 7721fd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4652] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c215cd 2 bytes JMP 7722b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4652] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c216b2 2 bytes JMP 772a8e24 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4652] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c216bd 2 bytes JMP 772a85f1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4652] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000756f9d0b 5 bytes JMP 00000001002e2900 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2900] |
#5
gmer 6
Code:
ATTFilter C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000772048db 5 bytes JMP 00000001100027c0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2900] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000772048f3 5 bytes JMP 00000001100028a0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2900] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000077204925 5 bytes JMP 0000000110002830 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2900] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2900] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000756f9d0b 5 bytes JMP 0000000110002900 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2900] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c21401 2 bytes JMP 7722b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2900] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c21419 2 bytes JMP 7722b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2900] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c21431 2 bytes JMP 772a8ea9 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2900] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c2144a 2 bytes CALL 772048ad C:\windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2900] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c214dd 2 bytes JMP 772a87a2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2900] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c214f5 2 bytes JMP 772a8978 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2900] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c2150d 2 bytes JMP 772a8698 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2900] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c21525 2 bytes JMP 772a8a62 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2900] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c2153d 2 bytes JMP 7721fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2900] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c21555 2 bytes JMP 772268ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2900] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c2156d 2 bytes JMP 772a8f61 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2900] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c21585 2 bytes JMP 772a8ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2900] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c2159d 2 bytes JMP 772a865c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2900] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c215b5 2 bytes JMP 7721fd41 
C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2900] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c215cd 2 bytes JMP 7722b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2900] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c216b2 2 bytes JMP 772a8e24 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2900] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c216bd 2 bytes JMP 772a85f1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2852] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000772048db 5 bytes JMP 00000001100027c0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2852] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000772048f3 5 bytes JMP 00000001100028a0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2852] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000077204925 5 bytes JMP 0000000110002830 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2852] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2852] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c21401 2 bytes JMP 7722b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2852] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c21419 2 bytes JMP 7722b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2852] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c21431 2 bytes JMP 772a8ea9 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2852] 
C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c2144a 2 bytes CALL 772048ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2852] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c214dd 2 bytes JMP 772a87a2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2852] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c214f5 2 bytes JMP 772a8978 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2852] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c2150d 2 bytes JMP 772a8698 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2852] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c21525 2 bytes JMP 772a8a62 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2852] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c2153d 2 bytes JMP 7721fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2852] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c21555 2 bytes JMP 772268ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2852] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c2156d 2 bytes JMP 772a8f61 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2852] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c21585 2 bytes JMP 772a8ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2852] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c2159d 2 bytes JMP 772a865c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2852] 
C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c215b5 2 bytes JMP 7721fd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2852] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c215cd 2 bytes JMP 7722b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2852] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c216b2 2 bytes JMP 772a8e24 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2852] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c216bd 2 bytes JMP 772a85f1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2852] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000756f9d0b 5 bytes JMP 0000000110002900 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2520] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000772048db 5 bytes JMP 00000001100027c0 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2520] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000772048f3 5 bytes JMP 00000001100028a0 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2520] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 0000000077204925 5 bytes JMP 0000000110002830 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2520] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2520] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000756f9d0b 5 bytes JMP 0000000110002900 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2520] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c21401 2 bytes JMP 7722b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2520] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c21419 2 bytes JMP 7722b346 
C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2520] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c21431 2 bytes JMP 772a8ea9 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2520] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c2144a 2 bytes CALL 772048ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2520] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c214dd 2 bytes JMP 772a87a2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2520] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c214f5 2 bytes JMP 772a8978 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2520] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c2150d 2 bytes JMP 772a8698 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2520] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c21525 2 bytes JMP 772a8a62 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2520] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c2153d 2 bytes JMP 7721fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2520] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c21555 2 bytes JMP 772268ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2520] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c2156d 2 bytes JMP 772a8f61 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2520] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c21585 2 bytes JMP 772a8ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2520] 
C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c2159d 2 bytes JMP 772a865c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2520] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c215b5 2 bytes JMP 7721fd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2520] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c215cd 2 bytes JMP 7722b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2520] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c216b2 2 bytes JMP 772a8e24 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2520] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c216bd 2 bytes JMP 772a85f1 C:\windows\syswow64\kernel32.dll .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 
5 bytes JMP 0000000077900390 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 
00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\windows\system32\wbem\wmiprvse.exe[2600] 
C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\windows\system32\wbem\wmiprvse.exe[2600] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\Program Files\AVAST Software\Avast\avastui.exe[3228] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000077208791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] 
.text C:\Program Files\AVAST Software\Avast\avastui.exe[3228] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\avastui.exe[3228] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c21401 2 bytes JMP 7722b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3228] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c21419 2 bytes JMP 7722b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3228] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c21431 2 bytes JMP 772a8ea9 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3228] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c2144a 2 bytes CALL 772048ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\AVAST Software\Avast\avastui.exe[3228] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c214dd 2 bytes JMP 772a87a2 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3228] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c214f5 2 bytes JMP 772a8978 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3228] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c2150d 2 bytes JMP 772a8698 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3228] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c21525 2 bytes JMP 772a8a62 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3228] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c2153d 2 bytes JMP 7721fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3228] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c21555 2 bytes JMP 
772268ef C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3228] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c2156d 2 bytes JMP 772a8f61 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3228] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c21585 2 bytes JMP 772a8ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3228] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c2159d 2 bytes JMP 772a865c C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3228] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c215b5 2 bytes JMP 7721fd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3228] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c215cd 2 bytes JMP 7722b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3228] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c216b2 2 bytes JMP 772a8e24 C:\windows\syswow64\kernel32.dll .text C:\Program Files\AVAST Software\Avast\avastui.exe[3228] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c216bd 2 bytes JMP 772a85f1 C:\windows\syswow64\kernel32.dll .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\Program 
Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\Program Files\iPod\bin\iPodService.exe[5620] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 
00000000779002a0 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\Program Files\iPod\bin\iPodService.exe[5620] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\Program Files\iPod\bin\iPodService.exe[5620] 
C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\Program Files\iPod\bin\iPodService.exe[1768] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 00000001002a0460 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 00000001002a0450 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 00000001002a0370 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 00000001002a0470 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000001002a03e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 00000001002a0320 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000001002a03b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 00000001002a0390 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000001002a02e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000001002a02d0 .text C:\Program Files (x86)\ATI 
Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 00000001002a0310 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000001002a03c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000001002a03f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 00000001002a0230 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 00000001002a0480 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000001002a03a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000001002a02f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 00000001002a0350 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 00000001002a0290 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000001002a02b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000001002a03d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 00000001002a0330 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 00000001002a0410 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 00000001002a0240 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000001002a01e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 00000001002a0250 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 00000001002a0490 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000001002a04a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 00000001002a0300 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 00000001002a0360 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000001002a02a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000001002a02c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 00000001002a0380 
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 00000001002a0340 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 00000001002a0440 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 00000001002a0260 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 00000001002a0270 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 00000001002a0400 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000001002a01f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 00000001002a0210 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 00000001002a0200 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 00000001002a0420 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 00000001002a0430 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 00000001002a0220 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] 
C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 00000001002a0280 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5528] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefea37490 5 bytes JMP 000007fffd810138 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text 
C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 
0000000077900250 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 
00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077546440 5 bytes JMP 0000000169ff0038 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62] .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 5 bytes JMP 000007fffd8100b8 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd82bfd0 5 bytes JMP 000007fffd810038 .text C:\windows\system32\wbem\unsecapp.exe[3048] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefea37490 5 bytes JMP 000007fffd810138 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4252] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62] .text c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[5336] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62] .text 
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c21401 2 bytes JMP 7722b21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c21419 2 bytes JMP 7722b346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c21431 2 bytes JMP 772a8ea9 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c2144a 2 bytes CALL 772048ad C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c214dd 2 bytes JMP 772a87a2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c214f5 2 bytes JMP 772a8978 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c2150d 2 bytes JMP 772a8698 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c21525 2 bytes JMP 772a8a62 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c2153d 2 bytes JMP 7721fca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c21555 2 bytes JMP 772268ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c2156d 2 bytes JMP 772a8f61 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c21585 2 bytes JMP 772a8ac2 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c2159d 2 bytes JMP 772a865c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c215b5 2 bytes JMP 7721fd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c215cd 2 bytes JMP 7722b2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c216b2 2 bytes JMP 772a8e24 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5452] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c216bd 2 bytes JMP 772a85f1 C:\windows\syswow64\kernel32.dll .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450 .text 
C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0 .text C:\windows\system32\wuauclt.exe[1792] 
C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 
bytes JMP 00000000779002a0 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280 .text C:\windows\system32\wuauclt.exe[1792] 
C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077546440 5 bytes JMP 0000000169ff0038 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62] .text C:\windows\system32\wuauclt.exe[1792] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 5 bytes JMP 000007fffd8100b8 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd82bfd0 5 bytes JMP 000007fffd810038 .text C:\windows\system32\wuauclt.exe[1792] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefea37490 5 bytes JMP 000007fffd810138 .text C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62] .text C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c21401 2 bytes JMP 7722b21b C:\windows\syswow64\kernel32.dll .text C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c21419 2 bytes JMP 7722b346 C:\windows\syswow64\kernel32.dll .text C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c21431 2 bytes JMP 772a8ea9 C:\windows\syswow64\kernel32.dll .text C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c2144a 2 bytes CALL 772048ad C:\windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c214dd 2 bytes JMP 772a87a2 C:\windows\syswow64\kernel32.dll .text C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c214f5 2 bytes JMP 772a8978 C:\windows\syswow64\kernel32.dll .text C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c2150d 2 bytes JMP 772a8698 C:\windows\syswow64\kernel32.dll .text C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c21525 2 bytes JMP 772a8a62 C:\windows\syswow64\kernel32.dll .text C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c2153d 2 bytes JMP 7721fca8 C:\windows\syswow64\kernel32.dll .text C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c21555 2 bytes JMP 772268ef C:\windows\syswow64\kernel32.dll .text C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c2156d 2 bytes JMP 772a8f61 C:\windows\syswow64\kernel32.dll .text C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c21585 2 bytes JMP 772a8ac2 C:\windows\syswow64\kernel32.dll .text C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c2159d 2 bytes JMP 772a865c C:\windows\syswow64\kernel32.dll .text C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c215b5 2 bytes JMP 7721fd41 C:\windows\syswow64\kernel32.dll .text C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c215cd 2 bytes JMP 7722b2dc C:\windows\syswow64\kernel32.dll .text C:\Users\User\Downloads\Gmer-19357.exe[6268] 
C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c216b2 2 bytes JMP 772a8e24 C:\windows\syswow64\kernel32.dll
.text C:\Users\User\Downloads\Gmer-19357.exe[6268] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c216bd 2 bytes JMP 772a85f1 C:\windows\syswow64\kernel32.dll

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4700:4476] 000007fef6da2bf8

---- Processes - GMER 2.1 ----

Library C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\windows\system32\taskhost.exe [1936](2015-04-06 12:05:28) 000007feed820000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhrywac.exe (*** suspicious ***) @ C:\ProgramData\eazyzoom\1.1.0.30\jhrywac.exe [2868] 0000000000400000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhryaac.exe (*** suspicious ***) @ C:\ProgramData\eazyzoom\1.1.0.30\jhryaac.exe [2908] 00000000003c0000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\windows\system32\Dwm.exe [3724](2015-04-06 12:05:28) 000007feed820000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\windows\Explorer.EXE [3732](2015-04-06 12:05:28) 000007feed820000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [3768](2015-04-06 12:0 000007feed820000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3792](2015-04-06 12:05: 000007feed820000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3948](2015-04-06 12:05:28 000007feed820000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe [3940](2015-04-06 12:0 000007feed820000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [3428](2015-04-06 12:05:28) 000007feed820000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4100](2015-04-06 12:05:28) 000007feed820000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.dll (*** suspicious ***) @ C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe [4152](2015-04-06 12:05:52) 0000000065770000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [4228](2015-04-06 12:05:28) 000007feed820000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [4356](2015-04-06 12 000007feed820000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files\Logitech Gaming Software\LCore.exe [4388](2015-04 000007feed820000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files\Windows Sidebar\sidebar.exe [4548](2015-04-06 12:05:28) 000007feed820000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.dll (*** suspicious ***) @ C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [4584](2015-04-06 12:05:52) 0000000065770000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe [4660](201 000007feed820000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.dll (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [4780](2015-04-06 12:05:52) 0000000065770000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [4888](2015-04-06 12:05:28) 000007feed820000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe [4952](2015-04-06 12:05:28) 000007feed820000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4960](2015-04-06 12:05:28) 000007feed820000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.dll (*** suspicious ***) @ C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [4272](2015-04 0000000065770000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.dll (*** suspicious ***) @ C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe [4332](2015-04-06 12:05:52) 0000000065770000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.dll (*** suspicious ***) @ C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [4652](2015-04-0 0000000065770000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.dll (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2900](2015-04-06 12:05:52) 0000000065770000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.dll (*** suspicious ***) @ C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2852](2015-04-06 12:05:52) 0000000065770000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.dll (*** suspicious ***) @ C:\Program Files (x86)\iTunes\iTunesHelper.exe [2520](2015-04-06 12:05: 0000000065770000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.exe (*** suspicious ***) @ C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.exe [5932] 000000013fb50000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.exe [5932](2015-04-06 12:05:28) 000007feed820000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.exe (*** suspicious ***) @ C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.exe [4372] 0000000000ba0000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.dll (*** suspicious ***) @ C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.exe [4372](2015-04-06 12:05:52) 0000000065770000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhrydac.exe (*** suspicious ***) @ C:\ProgramData\eazyzoom\1.1.0.30\jhrydac.exe [1768] 0000000001330000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhrydacu.dll (*** suspicious ***) @ C:\ProgramData\eazyzoom\1.1.0.30\jhrydac.exe [1768] 00000000656f0000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.dll (*** suspicious ***) @ C:\ProgramData\eazyzoom\1.1.0.30\jhrydac.exe [1768](2015-04-06 12:05:52) 0000000065770000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [5528](2015-04-06 12:05:28) 000007feed820000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\windows\system32\wbem\unsecapp.exe [3048](2015-04-06 12:05:28) 000007feed820000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry6ac.dll (*** suspicious ***) @ C:\windows\system32\wuauclt.exe [1792](2015-04-06 12:05:28) 000007feed820000
Library C:\ProgramData\eazyzoom\1.1.0.30\jhry3ac.dll (*** suspicious ***) @ C:\Users\User\Downloads\Gmer-19357.exe [6268](2015-04-06 12:05:52) 0000000065770000

---- Services - GMER 2.1 ----

Service C:\ProgramData\eazyzoom\1.1.0.30\jhrywac.exe (*** hidden *** ) [AUTO] isazpav <-- ROOTKIT !!!
Service C:\ProgramData\eazyzoom\1.1.0.30\jhryaac.exe (*** hidden *** ) [AUTO] jimshle <-- ROOTKIT !!!
Service C:\windows\system32\Drivers\tammgF119.sys (*** hidden *** ) [SYSTEM] tammgF119 <-- ROOTKIT !!!
Service C:\windows\system32\Drivers\tammgR119.sys (*** hidden *** ) [SYSTEM] tammgR119 <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys@ Driver
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys@ Driver
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys@ Driver
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys@ Driver
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\18f46afcfaa0
Reg HKLM\SYSTEM\CurrentControlSet\services\isazpav@Type 16
Reg HKLM\SYSTEM\CurrentControlSet\services\isazpav@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\isazpav@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\isazpav@ImagePath "C:\ProgramData\eazyzoom\1.1.0.30\jhrywac.exe" -scm
Reg HKLM\SYSTEM\CurrentControlSet\services\isazpav@DisplayName isazpav
Reg HKLM\SYSTEM\CurrentControlSet\services\isazpav@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\services\isazpav@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\services\isazpav
Reg HKLM\SYSTEM\CurrentControlSet\services\jimshle@Type 16
Reg HKLM\SYSTEM\CurrentControlSet\services\jimshle@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\jimshle@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\jimshle@ImagePath "C:\ProgramData\eazyzoom\1.1.0.30\jhryaac.exe" /ts2=1
Reg HKLM\SYSTEM\CurrentControlSet\services\jimshle@DisplayName jimshle
Reg HKLM\SYSTEM\CurrentControlSet\services\jimshle@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\services\jimshle@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\services\jimshle
Reg HKLM\SYSTEM\CurrentControlSet\services\tammgF119@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\tammgF119@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\tammgF119@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\tammgF119@ImagePath \??\C:\windows\system32\Drivers\tammgF119.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\tammgF119@DisplayName tammgF119 service
Reg HKLM\SYSTEM\CurrentControlSet\services\tammgF119@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\tammgF119@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\tammgF119@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\services\tammgF119\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\tammgF119\Instances@DefaultInstance tammgF119 Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\tammgF119\Instances\tammgF119 Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\tammgF119\Instances\tammgF119 Instance@Altitude 370034
Reg HKLM\SYSTEM\CurrentControlSet\services\tammgF119\Instances\tammgF119 Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\tammgF119
Reg HKLM\SYSTEM\CurrentControlSet\services\tammgR119@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\tammgR119@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\tammgR119@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\tammgR119@ImagePath \??\C:\windows\system32\Drivers\tammgR119.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\tammgR119@DisplayName tammgR119 service
Reg HKLM\SYSTEM\CurrentControlSet\services\tammgR119@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\services\tammgR119
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\18f46afcfaa0 (not active ControlSet)

---- EOF - GMER 2.1 ----