Code:
.text C:\windows\system32\svchost.exe[1808] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220
.text C:\windows\system32\taskhost.exe[1936] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280
.text C:\windows\system32\taskhost.exe[1936] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077546440 5 bytes JMP 0000000169ff0038
.text C:\windows\system32\taskhost.exe[1936] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62]
.text C:\windows\system32\taskhost.exe[1936] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 5 bytes JMP 000007fffd7700b8
.text C:\windows\system32\taskhost.exe[1936] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd82bfd0 5 bytes JMP 000007fffd770038
.text C:\windows\system32\taskhost.exe[1936] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefea37490 5 bytes JMP 000007fffd770138
.text C:\windows\system32\taskhost.exe[1936] C:\windows\system32\WINMM.dll!waveOutReset 000007fefb1da38c 5 bytes JMP 000007fefd7702b8
.text C:\windows\system32\taskhost.exe[1936] C:\windows\system32\WINMM.dll!waveOutPause 000007fefb1f4b60 5 bytes JMP 000007fefd770238
.text C:\windows\system32\taskhost.exe[1936] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefb1f4ba0 5 bytes JMP 000007fefd7701b8
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[2008] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000077208791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[2008] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[2008] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c21401 2 bytes JMP 7722b21b C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[2008] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c21419 2 bytes JMP 7722b346 C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[2008] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c21431 2 bytes JMP 772a8ea9 C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[2008] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c2144a 2 bytes CALL 772048ad C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[2008] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c214dd 2 bytes JMP 772a87a2 C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[2008] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c214f5 2 bytes JMP 772a8978 C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[2008] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c2150d 2 bytes JMP 772a8698 C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[2008] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c21525 2 bytes JMP 772a8a62 C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[2008] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c2153d 2 bytes JMP 7721fca8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[2008] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c21555 2 bytes JMP 772268ef C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[2008] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c2156d 2 bytes JMP 772a8f61 C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[2008] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c21585 2 bytes JMP 772a8ac2 C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[2008] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c2159d 2 bytes JMP 772a865c C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[2008] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c215b5 2 bytes JMP 7721fd41 C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[2008] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c215cd 2 bytes JMP 7722b2dc C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[2008] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c216b2 2 bytes JMP 772a8e24 C:\windows\syswow64\kernel32.dll
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[2008] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c216bd 2 bytes JMP 772a85f1 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1928] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1928] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c21401 2 bytes JMP 7722b21b C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1928] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c21419 2 bytes JMP 7722b346 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1928] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c21431 2 bytes JMP 772a8ea9 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1928] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c2144a 2 bytes CALL 772048ad C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1928] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c214dd 2 bytes JMP 772a87a2 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1928] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c214f5 2 bytes JMP 772a8978 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1928] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c2150d 2 bytes JMP 772a8698 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1928] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c21525 2 bytes JMP 772a8a62 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1928] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c2153d 2 bytes JMP 7721fca8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1928] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c21555 2 bytes JMP 772268ef C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1928] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c2156d 2 bytes JMP 772a8f61 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1928] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c21585 2 bytes JMP 772a8ac2 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1928] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c2159d 2 bytes JMP 772a865c C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1928] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c215b5 2 bytes JMP 7721fd41 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1928] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c215cd 2 bytes JMP 7722b2dc C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1928] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c216b2 2 bytes JMP 772a8e24 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1928] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c216bd 2 bytes JMP 772a85f1 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe[1840] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2156] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2452] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62]
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280
.text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[2552] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62]
.text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2768] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62]
.text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2768] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c21401 2 bytes JMP 7722b21b C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2768] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c21419 2 bytes JMP 7722b346 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2768] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c21431 2 bytes JMP 772a8ea9 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2768] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c2144a 2 bytes CALL 772048ad C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2768] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c214dd 2 bytes JMP 772a87a2 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2768] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c214f5 2 bytes JMP 772a8978 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2768] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c2150d 2 bytes JMP 772a8698 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2768] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c21525 2 bytes JMP 772a8a62 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2768] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c2153d 2 bytes JMP 7721fca8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2768] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c21555 2 bytes JMP 772268ef C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2768] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c2156d 2 bytes JMP 772a8f61 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2768] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c21585 2 bytes JMP 772a8ac2 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2768] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c2159d 2 bytes JMP 772a865c C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2768] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c215b5 2 bytes JMP 7721fd41 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2768] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c215cd 2 bytes JMP 7722b2dc C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2768] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c216b2 2 bytes JMP 772a8e24 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2768] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c216bd 2 bytes JMP 772a85f1 C:\windows\syswow64\kernel32.dll
.text C:\Program[2868] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62]
.text C:\Program[2868] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c21401 2 bytes JMP 7722b21b C:\windows\syswow64\kernel32.dll
.text C:\Program[2868] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c21419 2 bytes JMP 7722b346 C:\windows\syswow64\kernel32.dll
.text C:\Program[2868] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c21431 2 bytes JMP 772a8ea9 C:\windows\syswow64\kernel32.dll
.text C:\Program[2868] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c2144a 2 bytes CALL 772048ad C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program[2868] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c214dd 2 bytes JMP 772a87a2 C:\windows\syswow64\kernel32.dll
.text C:\Program[2868] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c214f5 2 bytes JMP 772a8978 C:\windows\syswow64\kernel32.dll
.text C:\Program[2868] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c2150d 2 bytes JMP 772a8698 C:\windows\syswow64\kernel32.dll
.text C:\Program[2868] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c21525 2 bytes JMP 772a8a62 C:\windows\syswow64\kernel32.dll
.text C:\Program[2868] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c2153d 2 bytes JMP 7721fca8 C:\windows\syswow64\kernel32.dll
.text C:\Program[2868] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c21555 2 bytes JMP 772268ef C:\windows\syswow64\kernel32.dll
.text C:\Program[2868] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c2156d 2 bytes JMP 772a8f61 C:\windows\syswow64\kernel32.dll
.text C:\Program[2868] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c21585 2 bytes JMP 772a8ac2 C:\windows\syswow64\kernel32.dll
.text C:\Program[2868] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c2159d 2 bytes JMP 772a865c C:\windows\syswow64\kernel32.dll
.text C:\Program[2868] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c215b5 2 bytes JMP 7721fd41 C:\windows\syswow64\kernel32.dll
.text C:\Program[2868] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c215cd 2 bytes JMP 7722b2dc C:\windows\syswow64\kernel32.dll
.text C:\Program[2868] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c216b2 2 bytes JMP 772a8e24 C:\windows\syswow64\kernel32.dll
.text C:\Program[2868] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c216bd 2 bytes JMP 772a85f1 C:\windows\syswow64\kernel32.dll
.text C:\Program[2908] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62]
.text C:\Program[2908] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c21401 2 bytes JMP 7722b21b C:\windows\syswow64\kernel32.dll
.text C:\Program[2908] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c21419 2 bytes JMP 7722b346 C:\windows\syswow64\kernel32.dll
.text C:\Program[2908] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c21431 2 bytes JMP 772a8ea9 C:\windows\syswow64\kernel32.dll
.text C:\Program[2908] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c2144a 2 bytes CALL 772048ad C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program[2908] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c214dd 2 bytes JMP 772a87a2 C:\windows\syswow64\kernel32.dll
.text C:\Program[2908] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c214f5 2 bytes JMP 772a8978 C:\windows\syswow64\kernel32.dll
.text C:\Program[2908] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c2150d 2 bytes JMP 772a8698 C:\windows\syswow64\kernel32.dll
.text C:\Program[2908] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c21525 2 bytes JMP 772a8a62 C:\windows\syswow64\kernel32.dll
.text C:\Program[2908] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c2153d 2 bytes JMP 7721fca8 C:\windows\syswow64\kernel32.dll
.text C:\Program[2908] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c21555 2 bytes JMP 772268ef C:\windows\syswow64\kernel32.dll
.text C:\Program[2908] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c2156d 2 bytes JMP 772a8f61 C:\windows\syswow64\kernel32.dll
.text C:\Program[2908] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c21585 2 bytes JMP 772a8ac2 C:\windows\syswow64\kernel32.dll
.text C:\Program[2908] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c2159d 2 bytes JMP 772a865c C:\windows\syswow64\kernel32.dll
.text C:\Program[2908] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c215b5 2 bytes JMP 7721fd41 C:\windows\syswow64\kernel32.dll
.text C:\Program[2908] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c215cd 2 bytes JMP 7722b2dc C:\windows\syswow64\kernel32.dll
.text C:\Program[2908] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c216b2 2 bytes JMP 772a8e24 C:\windows\syswow64\kernel32.dll
.text C:\Program[2908] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c216bd 2 bytes JMP 772a85f1 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2944] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007722a2fd 1 byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220
.text C:\windows\system32\SearchIndexer.exe[3544] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220
.text C:\windows\system32\Dwm.exe[3724] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280
.text C:\windows\system32\Dwm.exe[3724] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000077546440 5 bytes JMP 0000000169ff0038
.text C:\windows\system32\Dwm.exe[3724] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62]
.text C:\windows\system32\Dwm.exe[3724] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd828ef0 5 bytes JMP 000007fffd8100b8
.text C:\windows\system32\Dwm.exe[3724] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd82bfd0 5 bytes JMP 000007fffd810038
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000100070460
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000100070450
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000100070370
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000100070470
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000001000703e0
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000100070320
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000001000703b0
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000100070390
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000001000702e0
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000001000702d0
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000100070310
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000001000703c0
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000001000703f0
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000100070230
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000100070480
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000001000703a0
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000001000702f0
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000100070350
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000100070290
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000001000702b0
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000001000703d0
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000100070330
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000100070410
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000100070240
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000001000701e0
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000100070250
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000100070490
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000001000704a0
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000100070300
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000100070360
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000001000702a0
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000001000702c0
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000100070380
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000100070340
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000100070440
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000100070260
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000100070270
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000100070400
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000001000701f0
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000100070210
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000100070200
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000100070420
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000100070430
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000100070220
.text C:\windows\Explorer.EXE[3732] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000100070280
.text C:\windows\Explorer.EXE[3732] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62]
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220
.text C:\windows\system32\svchost.exe[3828] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777a16b0 5 bytes JMP 00000000779002e0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777a1730 5 bytes JMP 00000000779002d0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777a1750 5 bytes JMP 0000000077900310
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777a1790 5 bytes JMP 00000000779003c0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777a17e0 5 bytes JMP 00000000779003f0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000777a1940 5 bytes JMP 0000000077900230
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777a1b00 5 bytes JMP 0000000077900480
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000777a1b30 5 bytes JMP 00000000779003a0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777a1c10 5 bytes JMP 00000000779002f0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000777a1c20 5 bytes JMP 0000000077900350
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777a1c80 5 bytes JMP 0000000077900290
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777a1d10 5 bytes JMP 00000000779002b0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777a1d30 5 bytes JMP 00000000779003d0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000777a1d40 5 bytes JMP 0000000077900330
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000777a1db0 5 bytes JMP 0000000077900410
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000777a1de0 5 bytes JMP 0000000077900240
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777a20a0 5 bytes JMP 00000000779001e0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000777a2160 5 bytes JMP 0000000077900250
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000777a2190 5 bytes JMP 0000000077900490
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777a21a0 5 bytes JMP 00000000779004a0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777a21d0 5 bytes JMP 0000000077900300
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777a21e0 5 bytes JMP 0000000077900360
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000777a2240 5 bytes JMP 00000000779002a0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000777a2290 5 bytes JMP 00000000779002c0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777a22c0 5 bytes JMP 0000000077900380
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777a22d0 5 bytes JMP 0000000077900340
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777a25c0 5 bytes JMP 0000000077900440
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777a27c0 5 bytes JMP 0000000077900260
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777a27d0 5 bytes JMP 0000000077900270
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777a27e0 5 bytes JMP 0000000077900400
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777a29a0 5 bytes JMP 00000000779001f0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777a29b0 5 bytes JMP 0000000077900210
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777a2a20 5 bytes JMP 0000000077900200
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777a2a80 5 bytes JMP 0000000077900420
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777a2a90 5 bytes JMP 0000000077900430
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777a2aa0 5 bytes JMP 0000000077900220
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000777a2b80 5 bytes JMP 0000000077900280
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3768] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007758ef8d 1 byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777a1360 5 bytes JMP 0000000077900460
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777a13b0 5 bytes JMP 0000000077900450
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777a1510 5 bytes JMP 0000000077900370
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777a1560 5 bytes JMP 0000000077900470
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777a1570 5 bytes JMP 00000000779003e0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777a1620 5 bytes JMP 0000000077900320
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777a1650 5 bytes JMP 00000000779003b0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777a1670 5 bytes JMP 0000000077900390
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3792] C:\windows\SYSTEM32\ntdll.dll!NtOpenEvent