GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-05-01 19:54:14 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000066 WDC_____ rev.03.0 465,76GB Running: j9n9hutv.exe; Driver: C:\Users\IZA\AppData\Local\Temp\uxriipow.sys ---- User code sections - GMER 2.2 ---- .text C:\windows\system32\csrss.exe[468] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077cabde0 8 bytes JMP 000000006fff00d8 .text C:\windows\system32\csrss.exe[468] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077cabfe0 8 bytes JMP 000000006fff0110 .text C:\windows\system32\csrss.exe[468] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 000000006fff0148 .text C:\windows\system32\wininit.exe[636] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077b5dd20 5 bytes JMP 000000006fff0228 .text C:\windows\system32\wininit.exe[636] C:\windows\system32\USER32.dll!SetThreadDesktop 0000000077a4d660 8 bytes JMP 000000006fff0148 .text C:\windows\system32\wininit.exe[636] C:\windows\system32\USER32.dll!SetClipboardData 0000000077a5e43c 5 bytes JMP 000000006fff00d8 .text C:\windows\system32\wininit.exe[636] C:\windows\system32\USER32.dll!GetClipboardData 0000000077a5e854 5 bytes JMP 000000006fff0110 .text C:\windows\system32\wininit.exe[636] C:\windows\system32\USER32.dll!mouse_event 0000000077a63874 7 bytes JMP 000000006fff01f0 .text C:\windows\system32\wininit.exe[636] C:\windows\system32\USER32.dll!SendInput 0000000077a68c90 8 bytes JMP 000000006fff0180 .text C:\windows\system32\wininit.exe[636] C:\windows\system32\USER32.dll!PrintWindow 0000000077a6b130 8 bytes JMP 000000006fff0260 .text C:\windows\system32\wininit.exe[636] C:\windows\system32\USER32.dll!keybd_event 0000000077ab4610 7 bytes JMP 000000006fff01b8 .text C:\windows\system32\wininit.exe[636] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\windows\system32\wininit.exe[636] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\windows\system32\wininit.exe[636] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\windows\system32\wininit.exe[636] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\windows\system32\wininit.exe[636] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\windows\system32\wininit.exe[636] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\windows\system32\wininit.exe[636] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\windows\system32\wininit.exe[636] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\windows\system32\wininit.exe[636] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\windows\system32\wininit.exe[636] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\windows\system32\csrss.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077cabde0 8 bytes JMP 000000006fff00d8 .text C:\windows\system32\csrss.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077cabfe0 8 bytes JMP 000000006fff0110 .text C:\windows\system32\csrss.exe[656] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 000000006fff0148 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\windows\system32\services.exe[696] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\windows\system32\services.exe[696] C:\windows\system32\kernel32.dll!MoveFileExW 0000000077b42b60 13 bytes JMP 0000000037ca0418 .text C:\windows\system32\services.exe[696] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077b51870 5 bytes JMP 0000000037ca0298 .text C:\windows\system32\services.exe[696] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077b5dd20 5 bytes JMP 000000006fff0228 .text C:\windows\system32\services.exe[696] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077bcf6e0 8 bytes JMP 0000000037ca0598 .text C:\windows\system32\services.exe[696] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077bcf710 5 bytes JMP 0000000037ca04d8 .text C:\windows\system32\services.exe[696] C:\windows\system32\kernel32.dll!MoveFileW 0000000077bcf7e0 10 bytes JMP 0000000037ca0358 .text C:\windows\system32\services.exe[696] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077bcf8e0 8 bytes JMP 0000000037ca0538 .text C:\windows\system32\services.exe[696] C:\windows\system32\kernel32.dll!MoveFileExA 0000000077bcf910 10 bytes JMP 0000000037ca03b8 .text C:\windows\system32\services.exe[696] C:\windows\system32\kernel32.dll!MoveFileA 0000000077bcf940 10 bytes JMP 0000000037ca02f8 .text C:\windows\system32\services.exe[696] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077bd5730 5 bytes JMP 0000000037ca0478 .text C:\windows\system32\services.exe[696] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\windows\system32\services.exe[696] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\windows\system32\services.exe[696] C:\windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefe542930 5 bytes JMP 000007febd590358 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!SwitchDesktop 0000000077a45330 7 bytes JMP 0000000037ca1498 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!RegisterRawInputDevices 0000000077a46ea0 8 bytes JMP 0000000037ca1018 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!SystemParametersInfoA 0000000077a480e4 7 bytes JMP 0000000037ca12b8 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!SetParent 0000000077a48480 8 bytes JMP 0000000037ca1078 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!SetWindowLongA 0000000077a49b10 6 bytes JMP 0000000037ca07d8 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!PostMessageA 0000000077a4a354 5 bytes JMP 0000000037ca0958 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!EnableWindow 0000000077a4aa00 9 bytes JMP 0000000037ca1378 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!MoveWindow 0000000077a4aa30 8 bytes JMP 0000000037ca10d8 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!SetWindowLongPtrA 0000000077a4b474 6 bytes JMP 0000000037ca0898 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!GetAsyncKeyState 0000000077a4c63c 5 bytes JMP 0000000037ca0fb8 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!RegisterHotKey 0000000077a4cc90 8 bytes JMP 0000000037ca1258 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!PostThreadMessageA 0000000077a4d204 5 bytes JMP 0000000037ca0a18 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!SendMessageA 0000000077a4d290 5 bytes JMP 0000000037ca0ad8 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!SetThreadDesktop 0000000077a4d660 8 bytes JMP 000000006fff0148 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!SendNotifyMessageW 0000000077a4dbc0 9 bytes JMP 0000000037ca0d78 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!SystemParametersInfoW 0000000077a4f490 7 bytes JMP 0000000037ca1318 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!SetWindowsHookExW 0000000077a4f804 9 bytes JMP 0000000037ca0718 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!SendMessageTimeoutW 0000000077a4fa50 9 bytes JMP 0000000037ca0bf8 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!PostThreadMessageW 0000000077a50b14 10 bytes JMP 0000000037ca0a78 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!SetWindowLongW 0000000077a53340 8 bytes JMP 0000000037ca0838 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!SetWinEventHook 0000000077a54ccc 5 bytes JMP 0000000037ca0778 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!GetKeyState 0000000077a54f80 3 bytes JMP 0000000037ca0f58 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!GetKeyState + 4 0000000077a54f84 1 byte [C0] .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!SendMessageCallbackW 0000000077a553d0 7 bytes JMP 0000000037ca0cb8 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!SendMessageW 0000000077a56b04 3 bytes JMP 0000000037ca0b38 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!SendMessageW + 4 0000000077a56b08 1 byte [C0] .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!SetWindowLongPtrW 0000000077a576ac 8 bytes JMP 0000000037ca08f8 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!PostMessageW 0000000077a576d4 7 bytes JMP 0000000037ca09b8 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!SendDlgItemMessageW 0000000077a5dd9c 3 bytes JMP 0000000037ca0e38 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!SendDlgItemMessageW + 4 0000000077a5dda0 1 byte [C0] .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!SetClipboardData 0000000077a5e43c 5 bytes JMP 000000006fff00d8 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!GetClipboardData 0000000077a5e854 5 bytes JMP 000000006fff0110 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!SetClipboardViewer 0000000077a5f780 8 bytes JMP 0000000037ca1138 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!SendNotifyMessageA 0000000077a628d4 12 bytes JMP 0000000037ca0d18 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!mouse_event 0000000077a63874 7 bytes JMP 000000006fff01f0 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!GetKeyboardState 0000000077a689c0 8 bytes JMP 0000000037ca0ef8 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!SendMessageTimeoutA 0000000077a68b88 12 bytes JMP 0000000037ca0b98 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!SetWindowsHookExA 0000000077a68bd0 12 bytes JMP 0000000037ca06b8 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!SendInput 0000000077a68c90 8 bytes JMP 000000006fff0180 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!BlockInput 0000000077a6ad10 8 bytes JMP 0000000037ca1198 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!ClipCursor 0000000077a6ad60 8 bytes JMP 0000000037ca1438 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!PrintWindow 0000000077a6b130 8 bytes JMP 000000006fff0260 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!ExitWindowsEx 0000000077a91534 5 bytes JMP 0000000037ca13d8 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!SetSystemCursor 0000000077ab45b0 5 bytes JMP 0000000037ca14f8 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!keybd_event 0000000077ab4610 7 bytes JMP 000000006fff01b8 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!SendDlgItemMessageA 0000000077abcc7c 5 bytes JMP 0000000037ca0dd8 .text C:\windows\system32\services.exe[696] C:\windows\system32\USER32.dll!SendMessageCallbackA 0000000077abdf8c 7 bytes JMP 0000000037ca0c58 .text C:\windows\system32\services.exe[696] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\windows\system32\services.exe[696] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\windows\system32\services.exe[696] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\windows\system32\services.exe[696] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\windows\system32\services.exe[696] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\windows\system32\services.exe[696] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\windows\system32\services.exe[696] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\windows\system32\services.exe[696] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\windows\system32\services.exe[696] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\windows\system32\services.exe[696] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\windows\system32\lsass.exe[720] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\windows\system32\lsass.exe[720] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\windows\system32\lsass.exe[720] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\windows\system32\lsass.exe[720] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\windows\system32\lsass.exe[720] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\windows\system32\lsass.exe[720] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\windows\system32\lsass.exe[720] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\windows\system32\lsass.exe[720] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\windows\system32\lsass.exe[720] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\windows\system32\lsass.exe[720] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\windows\system32\lsass.exe[720] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\windows\system32\lsass.exe[720] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\windows\system32\lsass.exe[720] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\windows\system32\lsm.exe[728] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\windows\system32\lsm.exe[728] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\windows\system32\lsm.exe[728] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\windows\system32\lsm.exe[728] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\windows\system32\lsm.exe[728] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\windows\system32\lsm.exe[728] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\windows\system32\lsm.exe[728] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\windows\system32\lsm.exe[728] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\windows\system32\lsm.exe[728] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\windows\system32\lsm.exe[728] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\windows\system32\lsm.exe[728] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\windows\system32\lsm.exe[728] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\windows\system32\lsm.exe[728] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\windows\system32\svchost.exe[832] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\windows\system32\svchost.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\windows\system32\svchost.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\windows\system32\svchost.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\windows\system32\svchost.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\windows\system32\svchost.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\windows\system32\svchost.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\windows\system32\svchost.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\windows\system32\svchost.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\windows\system32\svchost.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\windows\system32\svchost.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\windows\system32\svchost.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\windows\system32\svchost.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\windows\system32\svchost.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\windows\system32\svchost.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\windows\system32\svchost.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\windows\system32\svchost.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\windows\system32\svchost.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\windows\system32\svchost.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\windows\system32\svchost.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\windows\system32\svchost.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\windows\system32\svchost.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\windows\system32\svchost.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\windows\system32\svchost.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\windows\system32\svchost.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\windows\system32\svchost.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\windows\system32\svchost.exe[832] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\windows\system32\svchost.exe[832] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\windows\system32\svchost.exe[832] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\windows\system32\svchost.exe[832] C:\windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefe542930 5 bytes JMP 000007febd590358 .text C:\windows\system32\svchost.exe[832] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\windows\system32\svchost.exe[832] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\windows\system32\svchost.exe[832] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\windows\system32\svchost.exe[832] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\windows\system32\svchost.exe[832] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\windows\system32\svchost.exe[832] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\windows\system32\svchost.exe[832] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\windows\system32\svchost.exe[832] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\windows\system32\svchost.exe[832] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\windows\system32\svchost.exe[832] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\windows\system32\svchost.exe[832] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\windows\system32\svchost.exe[832] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\windows\system32\winlogon.exe[876] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077b5dd20 5 bytes JMP 000000006fff0228 .text C:\windows\system32\winlogon.exe[876] C:\windows\system32\USER32.dll!SetThreadDesktop 0000000077a4d660 8 bytes JMP 000000006fff0148 .text C:\windows\system32\winlogon.exe[876] C:\windows\system32\USER32.dll!SetClipboardData 0000000077a5e43c 5 bytes JMP 000000006fff00d8 .text C:\windows\system32\winlogon.exe[876] C:\windows\system32\USER32.dll!GetClipboardData 0000000077a5e854 5 bytes JMP 000000006fff0110 .text C:\windows\system32\winlogon.exe[876] C:\windows\system32\USER32.dll!mouse_event 0000000077a63874 7 bytes JMP 000000006fff01f0 .text C:\windows\system32\winlogon.exe[876] C:\windows\system32\USER32.dll!SendInput 0000000077a68c90 8 bytes JMP 000000006fff0180 .text C:\windows\system32\winlogon.exe[876] C:\windows\system32\USER32.dll!PrintWindow 0000000077a6b130 8 bytes JMP 000000006fff0260 .text C:\windows\system32\winlogon.exe[876] C:\windows\system32\USER32.dll!keybd_event 0000000077ab4610 7 bytes JMP 000000006fff01b8 .text C:\windows\system32\winlogon.exe[876] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\windows\system32\winlogon.exe[876] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\windows\system32\winlogon.exe[876] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\windows\system32\winlogon.exe[876] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\windows\system32\winlogon.exe[876] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\windows\system32\winlogon.exe[876] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\windows\system32\winlogon.exe[876] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\windows\system32\winlogon.exe[876] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\windows\system32\winlogon.exe[876] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\windows\system32\winlogon.exe[876] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\windows\system32\svchost.exe[952] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\windows\system32\svchost.exe[952] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\windows\system32\svchost.exe[952] C:\windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefe542930 5 bytes JMP 000007febd590358 .text C:\windows\system32\svchost.exe[952] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\windows\system32\svchost.exe[952] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\windows\system32\svchost.exe[952] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\windows\system32\svchost.exe[952] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\windows\system32\svchost.exe[952] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\windows\system32\svchost.exe[952] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\windows\system32\svchost.exe[952] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\windows\system32\svchost.exe[952] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\windows\system32\svchost.exe[952] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\windows\system32\svchost.exe[952] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\windows\system32\svchost.exe[952] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\windows\system32\svchost.exe[952] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\windows\system32\atiesrxx.exe[520] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\system32\kernel32.dll!MoveFileExW 0000000077b42b60 13 bytes JMP 0000000037ca0418 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077b51870 5 bytes JMP 0000000037ca0298 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077b5dd20 5 bytes JMP 000000006fff0228 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077bcf6e0 8 bytes JMP 0000000037ca0598 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077bcf710 5 bytes JMP 0000000037ca04d8 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\system32\kernel32.dll!MoveFileW 0000000077bcf7e0 10 bytes JMP 0000000037ca0358 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077bcf8e0 8 bytes JMP 0000000037ca0538 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\system32\kernel32.dll!MoveFileExA 0000000077bcf910 10 bytes JMP 0000000037ca03b8 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\system32\kernel32.dll!MoveFileA 0000000077bcf940 10 bytes JMP 0000000037ca02f8 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077bd5730 5 bytes JMP 0000000037ca0478 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdc102d0 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdc10148 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdc10260 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdc101b8 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdc10110 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdc100d8 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdc10298 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdc10180 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdc101f0 .text C:\windows\system32\atiesrxx.exe[520] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdc10228 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\windows\System32\svchost.exe[648] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\windows\System32\svchost.exe[648] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\windows\System32\svchost.exe[648] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\windows\System32\svchost.exe[648] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\windows\System32\svchost.exe[648] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\windows\System32\svchost.exe[648] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\windows\System32\svchost.exe[648] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\windows\System32\svchost.exe[648] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\windows\System32\svchost.exe[648] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\windows\System32\svchost.exe[648] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\windows\System32\svchost.exe[648] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\windows\System32\svchost.exe[648] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\windows\System32\svchost.exe[648] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\windows\System32\svchost.exe[648] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\windows\System32\svchost.exe[1044] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\windows\System32\svchost.exe[1044] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\windows\System32\svchost.exe[1044] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\windows\System32\svchost.exe[1044] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\windows\System32\svchost.exe[1044] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\windows\System32\svchost.exe[1044] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\windows\System32\svchost.exe[1044] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\windows\System32\svchost.exe[1044] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\windows\System32\svchost.exe[1044] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\windows\System32\svchost.exe[1044] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\windows\System32\svchost.exe[1044] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\windows\System32\svchost.exe[1044] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\windows\System32\svchost.exe[1044] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\windows\System32\svchost.exe[1044] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\windows\System32\svchost.exe[1044] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\windows\System32\svchost.exe[1044] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\windows\System32\svchost.exe[1044] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\windows\System32\svchost.exe[1044] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\windows\System32\svchost.exe[1044] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\windows\System32\svchost.exe[1044] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\windows\System32\svchost.exe[1044] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\windows\System32\svchost.exe[1044] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\windows\System32\svchost.exe[1044] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\windows\System32\svchost.exe[1044] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\windows\System32\svchost.exe[1044] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\windows\System32\svchost.exe[1044] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\windows\System32\svchost.exe[1044] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\windows\System32\svchost.exe[1044] C:\windows\system32\kernel32.dll!MoveFileExW 0000000077b42b60 13 bytes JMP 0000000037ca0418 .text C:\windows\System32\svchost.exe[1044] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077b51870 5 bytes JMP 0000000037ca0298 .text C:\windows\System32\svchost.exe[1044] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077b5dd20 5 bytes JMP 000000006fff0228 .text C:\windows\System32\svchost.exe[1044] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077bcf6e0 8 bytes JMP 0000000037ca0598 .text C:\windows\System32\svchost.exe[1044] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077bcf710 5 bytes JMP 0000000037ca04d8 .text C:\windows\System32\svchost.exe[1044] C:\windows\system32\kernel32.dll!MoveFileW 0000000077bcf7e0 10 bytes JMP 0000000037ca0358 .text C:\windows\System32\svchost.exe[1044] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077bcf8e0 8 bytes JMP 0000000037ca0538 .text C:\windows\System32\svchost.exe[1044] C:\windows\system32\kernel32.dll!MoveFileExA 0000000077bcf910 10 bytes JMP 0000000037ca03b8 .text C:\windows\System32\svchost.exe[1044] C:\windows\system32\kernel32.dll!MoveFileA 0000000077bcf940 10 bytes JMP 0000000037ca02f8 .text C:\windows\System32\svchost.exe[1044] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077bd5730 5 bytes JMP 0000000037ca0478 .text C:\windows\System32\svchost.exe[1044] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\windows\System32\svchost.exe[1044] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\windows\System32\svchost.exe[1044] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\windows\System32\svchost.exe[1044] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\windows\System32\svchost.exe[1044] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\windows\System32\svchost.exe[1044] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\windows\System32\svchost.exe[1044] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\windows\System32\svchost.exe[1044] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\windows\System32\svchost.exe[1044] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\windows\System32\svchost.exe[1044] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\windows\System32\svchost.exe[1044] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\windows\System32\svchost.exe[1044] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\windows\System32\svchost.exe[1044] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\windows\System32\svchost.exe[1044] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\windows\system32\svchost.exe[1076] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\windows\system32\svchost.exe[1076] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\windows\system32\svchost.exe[1076] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\windows\system32\svchost.exe[1076] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\windows\system32\svchost.exe[1076] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\windows\system32\svchost.exe[1076] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\windows\system32\svchost.exe[1076] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\windows\system32\svchost.exe[1076] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\windows\system32\svchost.exe[1076] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\windows\system32\svchost.exe[1076] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\windows\system32\svchost.exe[1076] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\windows\system32\svchost.exe[1076] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\windows\system32\svchost.exe[1076] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\windows\system32\svchost.exe[1076] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\windows\system32\svchost.exe[1076] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\windows\system32\svchost.exe[1076] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\windows\system32\svchost.exe[1076] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\windows\system32\svchost.exe[1076] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\windows\system32\svchost.exe[1076] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\windows\system32\svchost.exe[1076] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\windows\system32\svchost.exe[1076] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\windows\system32\svchost.exe[1076] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\windows\system32\svchost.exe[1076] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\windows\system32\svchost.exe[1076] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\windows\system32\svchost.exe[1076] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\windows\system32\svchost.exe[1076] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\windows\system32\svchost.exe[1076] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\windows\system32\svchost.exe[1076] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\windows\system32\svchost.exe[1076] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\windows\system32\svchost.exe[1076] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\windows\system32\svchost.exe[1076] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\windows\system32\svchost.exe[1076] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\windows\system32\svchost.exe[1076] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\windows\system32\svchost.exe[1076] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\windows\system32\svchost.exe[1076] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\windows\system32\svchost.exe[1076] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\windows\system32\svchost.exe[1076] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\windows\system32\svchost.exe[1076] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\windows\system32\svchost.exe[1076] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\windows\system32\svchost.exe[1076] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\windows\system32\svchost.exe[1076] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\windows\system32\svchost.exe[1108] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\windows\system32\svchost.exe[1108] C:\windows\system32\kernel32.dll!MoveFileExW 0000000077b42b60 13 bytes JMP 0000000037ca0418 .text C:\windows\system32\svchost.exe[1108] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077b51870 5 bytes JMP 0000000037ca0298 .text C:\windows\system32\svchost.exe[1108] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077b5dd20 5 bytes JMP 000000006fff0228 .text C:\windows\system32\svchost.exe[1108] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077bcf6e0 8 bytes JMP 0000000037ca0598 .text C:\windows\system32\svchost.exe[1108] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077bcf710 5 bytes JMP 0000000037ca04d8 .text C:\windows\system32\svchost.exe[1108] C:\windows\system32\kernel32.dll!MoveFileW 0000000077bcf7e0 10 bytes JMP 0000000037ca0358 .text C:\windows\system32\svchost.exe[1108] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077bcf8e0 8 bytes JMP 0000000037ca0538 .text C:\windows\system32\svchost.exe[1108] C:\windows\system32\kernel32.dll!MoveFileExA 0000000077bcf910 10 bytes JMP 0000000037ca03b8 .text C:\windows\system32\svchost.exe[1108] C:\windows\system32\kernel32.dll!MoveFileA 0000000077bcf940 10 bytes JMP 0000000037ca02f8 .text C:\windows\system32\svchost.exe[1108] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077bd5730 5 bytes JMP 0000000037ca0478 .text C:\windows\system32\svchost.exe[1108] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\windows\system32\svchost.exe[1108] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\windows\system32\svchost.exe[1108] C:\windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefe542930 5 bytes JMP 000007febd590358 .text C:\windows\system32\svchost.exe[1108] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\windows\system32\svchost.exe[1108] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\windows\system32\svchost.exe[1108] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\windows\system32\svchost.exe[1108] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\windows\system32\svchost.exe[1108] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\windows\system32\svchost.exe[1108] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\windows\system32\svchost.exe[1108] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\windows\system32\svchost.exe[1108] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\windows\system32\svchost.exe[1108] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\windows\system32\svchost.exe[1108] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\windows\system32\svchost.exe[1108] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\windows\system32\svchost.exe[1108] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\windows\system32\svchost.exe[1224] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\windows\system32\svchost.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\windows\system32\svchost.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\windows\system32\svchost.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\windows\system32\svchost.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\windows\system32\svchost.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\windows\system32\svchost.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\windows\system32\svchost.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\windows\system32\svchost.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\windows\system32\svchost.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\windows\system32\svchost.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\windows\system32\svchost.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\windows\system32\svchost.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\windows\system32\svchost.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\windows\system32\svchost.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\windows\system32\svchost.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\windows\system32\svchost.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\windows\system32\svchost.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\windows\system32\svchost.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\windows\system32\svchost.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\windows\system32\svchost.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\windows\system32\svchost.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\windows\system32\svchost.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\windows\system32\svchost.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\windows\system32\svchost.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\windows\system32\svchost.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\windows\system32\svchost.exe[1224] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\windows\system32\svchost.exe[1224] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\windows\system32\svchost.exe[1224] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\windows\system32\svchost.exe[1224] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\windows\system32\svchost.exe[1224] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\windows\system32\svchost.exe[1224] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\windows\system32\svchost.exe[1224] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\windows\system32\svchost.exe[1224] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\windows\system32\svchost.exe[1224] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\windows\system32\svchost.exe[1224] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\windows\system32\svchost.exe[1224] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\windows\system32\svchost.exe[1224] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\windows\system32\svchost.exe[1224] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\windows\system32\svchost.exe[1224] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\windows\system32\svchost.exe[1224] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\windows\system32\atieclxx.exe[1296] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\system32\kernel32.dll!MoveFileExW 0000000077b42b60 13 bytes JMP 0000000037ca0418 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077b51870 5 bytes JMP 0000000037ca0298 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077b5dd20 5 bytes JMP 000000006fff0228 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077bcf6e0 8 bytes JMP 0000000037ca0598 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077bcf710 5 bytes JMP 0000000037ca04d8 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\system32\kernel32.dll!MoveFileW 0000000077bcf7e0 10 bytes JMP 0000000037ca0358 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077bcf8e0 8 bytes JMP 0000000037ca0538 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\system32\kernel32.dll!MoveFileExA 0000000077bcf910 10 bytes JMP 0000000037ca03b8 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\system32\kernel32.dll!MoveFileA 0000000077bcf940 10 bytes JMP 0000000037ca02f8 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077bd5730 5 bytes JMP 0000000037ca0478 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdc102d0 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdc10148 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdc10260 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdc101b8 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdc10110 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdc100d8 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdc10298 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdc10180 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdc101f0 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdc10228 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\windows\system32\atieclxx.exe[1296] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\windows\system32\svchost.exe[1348] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\windows\system32\svchost.exe[1348] C:\windows\system32\kernel32.dll!MoveFileExW 0000000077b42b60 13 bytes JMP 0000000037ca0418 .text C:\windows\system32\svchost.exe[1348] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077b51870 5 bytes JMP 0000000037ca0298 .text C:\windows\system32\svchost.exe[1348] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077b5dd20 5 bytes JMP 000000006fff0228 .text C:\windows\system32\svchost.exe[1348] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077bcf6e0 8 bytes JMP 0000000037ca0598 .text C:\windows\system32\svchost.exe[1348] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077bcf710 5 bytes JMP 0000000037ca04d8 .text C:\windows\system32\svchost.exe[1348] C:\windows\system32\kernel32.dll!MoveFileW 0000000077bcf7e0 10 bytes JMP 0000000037ca0358 .text C:\windows\system32\svchost.exe[1348] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077bcf8e0 8 bytes JMP 0000000037ca0538 .text C:\windows\system32\svchost.exe[1348] C:\windows\system32\kernel32.dll!MoveFileExA 0000000077bcf910 10 bytes JMP 0000000037ca03b8 .text C:\windows\system32\svchost.exe[1348] C:\windows\system32\kernel32.dll!MoveFileA 0000000077bcf940 10 bytes JMP 0000000037ca02f8 .text C:\windows\system32\svchost.exe[1348] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077bd5730 5 bytes JMP 0000000037ca0478 .text C:\windows\system32\svchost.exe[1348] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\windows\system32\svchost.exe[1348] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\windows\system32\svchost.exe[1348] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\windows\system32\svchost.exe[1348] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\windows\system32\svchost.exe[1348] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\windows\system32\svchost.exe[1348] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\windows\system32\svchost.exe[1348] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\windows\system32\svchost.exe[1348] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\windows\system32\svchost.exe[1348] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\windows\system32\svchost.exe[1348] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\windows\system32\svchost.exe[1348] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\windows\system32\svchost.exe[1348] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\windows\system32\svchost.exe[1348] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\windows\system32\svchost.exe[1348] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\windows\system32\svchost.exe[1464] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\windows\system32\svchost.exe[1464] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\windows\system32\svchost.exe[1464] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\windows\system32\svchost.exe[1464] C:\windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefe542930 5 bytes JMP 000007febd590358 .text C:\windows\system32\svchost.exe[1464] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\windows\system32\svchost.exe[1464] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\windows\system32\svchost.exe[1464] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\windows\system32\svchost.exe[1464] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\windows\system32\svchost.exe[1464] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\windows\system32\svchost.exe[1464] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\windows\system32\svchost.exe[1464] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\windows\system32\svchost.exe[1464] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\windows\system32\svchost.exe[1464] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\windows\system32\svchost.exe[1464] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\windows\system32\svchost.exe[1464] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\windows\system32\svchost.exe[1464] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\windows\System32\spoolsv.exe[1584] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\windows\System32\spoolsv.exe[1584] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077e5f9f0 5 bytes JMP 0000000073f22e50 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077e5fb38 5 bytes JMP 0000000073f183f0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e5fcc0 5 bytes JMP 0000000073f17990 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077e5fd74 5 bytes JMP 0000000073f190a0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077e5fdd8 5 bytes JMP 0000000073f18790 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077e5fed0 5 bytes JMP 0000000073f1abb0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077e5ff84 5 bytes JMP 0000000073f16c00 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077e5ffb4 5 bytes JMP 0000000073f189a0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e60014 5 bytes JMP 0000000073f17550 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077e60094 5 bytes JMP 0000000073f177a0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077e600c4 5 bytes JMP 0000000073f18d50 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077e603c8 5 bytes JMP 0000000073f1a0a0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077e603e0 5 bytes JMP 0000000073f1b970 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077e60560 5 bytes JMP 0000000073f1b690 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077e606a4 5 bytes JMP 0000000073f17b80 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077e60704 5 bytes JMP 0000000073f1ba80 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e607ac 5 bytes JMP 0000000073f16af0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077e607f4 5 bytes JMP 0000000073f1bb90 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077e60884 5 bytes JMP 0000000073f16d10 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077e6089c 5 bytes JMP 0000000073f1ae80 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e608b4 5 bytes JMP 0000000073f1a5d0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e60e04 5 bytes JMP 0000000073f17df0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077e60ee8 5 bytes JMP 0000000073f18200 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e61bf4 5 bytes JMP 0000000073f17ff0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077e61cc4 5 bytes JMP 0000000073f1aa60 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077e61d9c 5 bytes JMP 0000000073f185e0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e7d2f6 7 bytes JMP 0000000073f22cd0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000774c3bbb 5 bytes JMP 0000000073ceedf0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000774c9abc 2 bytes JMP 0000000073f0efe0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW + 3 00000000774c9abf 2 bytes [A4, FC] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\kernel32.dll!CopyFileExW 00000000774d3b7a 7 bytes JMP 0000000073f0fba0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 00000000774dcd11 5 bytes JMP 0000000073f0ecd0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007752ddde 7 bytes JMP 0000000073f0f210 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007752de81 7 bytes JMP 0000000073f0f520 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000779df8a7 5 bytes JMP 0000000073f22cb0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 00000000779dfcda 5 bytes JMP 0000000073f16400 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 00000000779e2e0b 4 bytes CALL 71020000 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075b58332 5 bytes JMP 0000000073f23de0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075b58bff 5 bytes JMP 0000000073f24750 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 0000000075b590d3 7 bytes JMP 0000000073f23800 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075b59679 5 bytes JMP 0000000073f24c40 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000075b597d2 5 bytes JMP 0000000073f251a0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!SetWinEventHook 0000000075b5ee21 5 bytes JMP 0000000073f239d0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!RegisterHotKey 0000000075b5efe1 5 bytes JMP 0000000073f278d0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!SetThreadDesktop 0000000075b602ae 5 bytes JMP 0000000073cf1480 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!PostMessageW 0000000075b612bd 5 bytes JMP 0000000073f24260 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!GetKeyState 0000000075b62797 5 bytes JMP 0000000073f26860 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!MoveWindow 0000000075b63ef0 5 bytes JMP 0000000073f26f10 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!SetParent 0000000075b645cc 5 bytes JMP 0000000073f27130 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075b6460c 5 bytes JMP 0000000073f27af0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075b64713 5 bytes JMP 0000000073f26ad0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!GetKeyboardState 0000000075b647e5 5 bytes JMP 0000000073f265c0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075b64bbc 1 byte JMP 0000000073f23fc0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!PostMessageA + 2 0000000075b64bbe 3 bytes {JMP 0xfffffffffe3bf404} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075b64d1d 5 bytes JMP 0000000073f24500 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075b671e0 5 bytes JMP 0000000073f23c00 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!SendMessageA 0000000075b671fe 5 bytes JMP 0000000073f249a0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075b67d59 7 bytes JMP 0000000073f23620 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075b681f5 5 bytes JMP 0000000073f23300 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075b6825a 5 bytes JMP 0000000073f25c30 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 0000000075b682d2 5 bytes JMP 0000000073f25700 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075b68411 5 bytes JMP 0000000073f24ee0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075b68f4c 5 bytes JMP 0000000073f23040 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!SetClipboardViewer 0000000075b6cc1e 5 bytes JMP 0000000073f27320 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!ClipCursor 0000000075b6f2b3 5 bytes JMP 0000000073f27f00 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075b7a072 5 bytes JMP 0000000073f25ec0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075b7dbf5 5 bytes JMP 0000000073f26110 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!SendInput 0000000075b7ff2a 5 bytes JMP 0000000073cf1810 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!SetClipboardData 0000000075b98e6f 5 bytes JMP 0000000073cf1b80 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!SwitchDesktop 0000000075b998b5 5 bytes JMP 0000000073f28160 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075b99fa4 5 bytes JMP 0000000073cf1c10 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!ExitWindowsEx 0000000075ba1533 5 bytes JMP 0000000073f27d20 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!SetSystemCursor 0000000075bb0299 5 bytes JMP 0000000073f28300 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!mouse_event 0000000075bb030f 5 bytes JMP 0000000073cf1a80 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!keybd_event 0000000075bb0353 5 bytes JMP 0000000073cf19a0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075bb6d94 5 bytes JMP 0000000073f25460 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075bb6df5 5 bytes JMP 0000000073f259a0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!BlockInput 0000000075bb7e6f 5 bytes JMP 0000000073f274f0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!PrintWindow 0000000075bb88c3 5 bytes JMP 0000000073cebcc0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075bb8983 5 bytes JMP 0000000073f26d30 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\GDI32.dll!DeleteDC 00000000757c58b3 5 bytes JMP 0000000073cebdc0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\GDI32.dll!BitBlt 00000000757c5ea5 5 bytes JMP 0000000073cea4d0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\GDI32.dll!CreateDCA 00000000757c7bb4 5 bytes JMP 0000000073cea200 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\GDI32.dll!GetPixel 00000000757ca854 5 bytes JMP 0000000073cebaf0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\GDI32.dll!StretchBlt 00000000757cac45 5 bytes JMP 0000000073cea870 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\GDI32.dll!GdiTransparentBlt 00000000757caf54 5 bytes JMP 0000000073ceb390 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\GDI32.dll!MaskBlt 00000000757cbdd9 5 bytes JMP 0000000073ceac20 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\GDI32.dll!CreateDCW 00000000757cd7fd 5 bytes JMP 0000000073cea3b0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\GDI32.dll!GdiAlphaBlend 00000000757de524 5 bytes JMP 0000000073ceb740 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\GDI32.dll!PlgBlt 00000000757f4b42 5 bytes JMP 0000000073ceafe0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000759b9c3b 5 bytes JMP 0000000073f1c2e0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\system32\kernel32.dll!MoveFileExW 0000000077b42b60 13 bytes JMP 0000000037ca0418 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077b51870 5 bytes JMP 0000000037ca0298 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077b5dd20 5 bytes JMP 000000006fff0228 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077bcf6e0 8 bytes JMP 0000000037ca0598 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077bcf710 5 bytes JMP 0000000037ca04d8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\system32\kernel32.dll!MoveFileW 0000000077bcf7e0 10 bytes JMP 0000000037ca0358 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077bcf8e0 8 bytes JMP 0000000037ca0538 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\system32\kernel32.dll!MoveFileExA 0000000077bcf910 10 bytes JMP 0000000037ca03b8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\system32\kernel32.dll!MoveFileA 0000000077bcf940 10 bytes JMP 0000000037ca02f8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077bd5730 5 bytes JMP 0000000037ca0478 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1832] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1852] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\system32\kernel32.dll!MoveFileExW 0000000077b42b60 13 bytes JMP 0000000037ca0418 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077b51870 5 bytes JMP 0000000037ca0298 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077b5dd20 5 bytes JMP 000000006fff0228 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077bcf6e0 8 bytes JMP 0000000037ca0598 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077bcf710 5 bytes JMP 0000000037ca04d8 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\system32\kernel32.dll!MoveFileW 0000000077bcf7e0 10 bytes JMP 0000000037ca0358 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077bcf8e0 8 bytes JMP 0000000037ca0538 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\system32\kernel32.dll!MoveFileExA 0000000077bcf910 10 bytes JMP 0000000037ca03b8 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\system32\kernel32.dll!MoveFileA 0000000077bcf940 10 bytes JMP 0000000037ca02f8 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077bd5730 5 bytes JMP 0000000037ca0478 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdc102d0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdc10148 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdc10260 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdc101b8 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdc10110 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdc100d8 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdc10298 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdc10180 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdc101f0 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdc10228 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[1888] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdba02d0 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdba0148 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdba0260 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdba01b8 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdba0110 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdba00d8 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdba0298 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdba0180 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdba01f0 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdba0228 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe[1924] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\kernel32.dll!MoveFileExW 0000000077b42b60 13 bytes JMP 0000000037ca0418 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077b51870 5 bytes JMP 0000000037ca0298 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077b5dd20 5 bytes JMP 000000006fff0228 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077bcf6e0 8 bytes JMP 0000000037ca0598 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077bcf710 5 bytes JMP 0000000037ca04d8 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\kernel32.dll!MoveFileW 0000000077bcf7e0 10 bytes JMP 0000000037ca0358 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077bcf8e0 8 bytes JMP 0000000037ca0538 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\kernel32.dll!MoveFileExA 0000000077bcf910 10 bytes JMP 0000000037ca03b8 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\kernel32.dll!MoveFileA 0000000077bcf940 10 bytes JMP 0000000037ca02f8 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077bd5730 5 bytes JMP 0000000037ca0478 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\windows\system32\svchost.exe[1336] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\windows\system32\svchost.exe[1336] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\windows\system32\svchost.exe[1336] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\windows\system32\svchost.exe[1336] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\windows\system32\svchost.exe[1336] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\windows\system32\svchost.exe[1336] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\windows\system32\svchost.exe[1336] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\windows\system32\svchost.exe[1336] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\windows\system32\svchost.exe[1336] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\windows\system32\svchost.exe[1336] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\windows\system32\svchost.exe[1336] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\windows\system32\svchost.exe[1336] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\windows\system32\svchost.exe[1336] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\windows\system32\svchost.exe[1336] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\windows\system32\svchost.exe[1336] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\system32\kernel32.dll!MoveFileExW 0000000077b42b60 13 bytes JMP 0000000037ca0418 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077b51870 5 bytes JMP 0000000037ca0298 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077b5dd20 5 bytes JMP 000000006fff0228 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077bcf6e0 8 bytes JMP 0000000037ca0598 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077bcf710 5 bytes JMP 0000000037ca04d8 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\system32\kernel32.dll!MoveFileW 0000000077bcf7e0 10 bytes JMP 0000000037ca0358 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077bcf8e0 8 bytes JMP 0000000037ca0538 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\system32\kernel32.dll!MoveFileExA 0000000077bcf910 10 bytes JMP 0000000037ca03b8 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\system32\kernel32.dll!MoveFileA 0000000077bcf940 10 bytes JMP 0000000037ca02f8 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077bd5730 5 bytes JMP 0000000037ca0478 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdc102d0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdc10148 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdc10260 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdc101b8 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdc10110 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdc100d8 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdc10298 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdc10180 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdc101f0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1656] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdc10228 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077e5f9f0 5 bytes JMP 0000000073f22e50 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077e5fb38 5 bytes JMP 0000000073f183f0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e5fcc0 5 bytes JMP 0000000073f17990 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077e5fd74 5 bytes JMP 0000000073f190a0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077e5fdd8 5 bytes JMP 0000000073f18790 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077e5fed0 5 bytes JMP 0000000073f1abb0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077e5ff84 5 bytes JMP 0000000073f16c00 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077e5ffb4 5 bytes JMP 0000000073f189a0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e60014 5 bytes JMP 0000000073f17550 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077e60094 5 bytes JMP 0000000073f177a0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077e600c4 5 bytes JMP 0000000073f18d50 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077e603c8 5 bytes JMP 0000000073f1a0a0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077e603e0 5 bytes JMP 0000000073f1b970 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077e60560 5 bytes JMP 0000000073f1b690 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077e606a4 5 bytes JMP 0000000073f17b80 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077e60704 5 bytes JMP 0000000073f1ba80 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e607ac 5 bytes JMP 0000000073f16af0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077e607f4 5 bytes JMP 0000000073f1bb90 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077e60884 5 bytes JMP 0000000073f16d10 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077e6089c 5 bytes JMP 0000000073f1ae80 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e608b4 5 bytes JMP 0000000073f1a5d0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e60e04 5 bytes JMP 0000000073f17df0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077e60ee8 5 bytes JMP 0000000073f18200 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e61bf4 5 bytes JMP 0000000073f17ff0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077e61cc4 5 bytes JMP 0000000073f1aa60 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077e61d9c 5 bytes JMP 0000000073f185e0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e7d2f6 7 bytes JMP 0000000073f22cd0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000774c3bbb 5 bytes JMP 0000000073ceedf0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000774c9abc 2 bytes JMP 0000000073f0efe0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW + 3 00000000774c9abf 2 bytes [A4, FC] .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\kernel32.dll!CopyFileExW 00000000774d3b7a 7 bytes JMP 0000000073f0fba0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 00000000774dcd11 5 bytes JMP 0000000073f0ecd0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007752ddde 7 bytes JMP 0000000073f0f210 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007752de81 7 bytes JMP 0000000073f0f520 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000779df8a7 5 bytes JMP 0000000073f22cb0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 00000000779dfcda 5 bytes JMP 0000000073f16400 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 00000000779e2e0b 4 bytes CALL 708c0000 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075b58332 5 bytes JMP 0000000073f23de0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075b58bff 5 bytes JMP 0000000073f24750 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 0000000075b590d3 7 bytes JMP 0000000073f23800 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075b59679 5 bytes JMP 0000000073f24c40 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000075b597d2 5 bytes JMP 0000000073f251a0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!SetWinEventHook 0000000075b5ee21 5 bytes JMP 0000000073f239d0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!RegisterHotKey 0000000075b5efe1 5 bytes JMP 0000000073f278d0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!SetThreadDesktop 0000000075b602ae 5 bytes JMP 0000000073cf1480 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!PostMessageW 0000000075b612bd 5 bytes JMP 0000000073f24260 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!GetKeyState 0000000075b62797 5 bytes JMP 0000000073f26860 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!MoveWindow 0000000075b63ef0 5 bytes JMP 0000000073f26f10 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!SetParent 0000000075b645cc 5 bytes JMP 0000000073f27130 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075b6460c 5 bytes JMP 0000000073f27af0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075b64713 5 bytes JMP 0000000073f26ad0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!GetKeyboardState 0000000075b647e5 5 bytes JMP 0000000073f265c0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075b64bbc 1 byte JMP 0000000073f23fc0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!PostMessageA + 2 0000000075b64bbe 3 bytes {JMP 0xfffffffffe3bf404} .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075b64d1d 5 bytes JMP 0000000073f24500 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075b671e0 5 bytes JMP 0000000073f23c00 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!SendMessageA 0000000075b671fe 5 bytes JMP 0000000073f249a0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075b67d59 7 bytes JMP 0000000073f23620 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075b681f5 5 bytes JMP 0000000073f23300 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075b6825a 5 bytes JMP 0000000073f25c30 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 0000000075b682d2 5 bytes JMP 0000000073f25700 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075b68411 5 bytes JMP 0000000073f24ee0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075b68f4c 5 bytes JMP 0000000073f23040 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!SetClipboardViewer 0000000075b6cc1e 5 bytes JMP 0000000073f27320 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!ClipCursor 0000000075b6f2b3 5 bytes JMP 0000000073f27f00 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075b7a072 5 bytes JMP 0000000073f25ec0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075b7dbf5 5 bytes JMP 0000000073f26110 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!SendInput 0000000075b7ff2a 5 bytes JMP 0000000073cf1810 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!SetClipboardData 0000000075b98e6f 5 bytes JMP 0000000073cf1b80 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!SwitchDesktop 0000000075b998b5 5 bytes JMP 0000000073f28160 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075b99fa4 5 bytes JMP 0000000073cf1c10 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!ExitWindowsEx 0000000075ba1533 5 bytes JMP 0000000073f27d20 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!SetSystemCursor 0000000075bb0299 5 bytes JMP 0000000073f28300 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!mouse_event 0000000075bb030f 5 bytes JMP 0000000073cf1a80 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!keybd_event 0000000075bb0353 5 bytes JMP 0000000073cf19a0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075bb6d94 5 bytes JMP 0000000073f25460 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075bb6df5 5 bytes JMP 0000000073f259a0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!BlockInput 0000000075bb7e6f 5 bytes JMP 0000000073f274f0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!PrintWindow 0000000075bb88c3 5 bytes JMP 0000000073cebcc0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075bb8983 5 bytes JMP 0000000073f26d30 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\GDI32.dll!DeleteDC 00000000757c58b3 5 bytes JMP 0000000073cebdc0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\GDI32.dll!BitBlt 00000000757c5ea5 5 bytes JMP 0000000073cea4d0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\GDI32.dll!CreateDCA 00000000757c7bb4 5 bytes JMP 0000000073cea200 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\GDI32.dll!GetPixel 00000000757ca854 5 bytes JMP 0000000073cebaf0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\GDI32.dll!StretchBlt 00000000757cac45 5 bytes JMP 0000000073cea870 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\GDI32.dll!GdiTransparentBlt 00000000757caf54 5 bytes JMP 0000000073ceb390 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\GDI32.dll!MaskBlt 00000000757cbdd9 5 bytes JMP 0000000073ceac20 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\GDI32.dll!CreateDCW 00000000757cd7fd 5 bytes JMP 0000000073cea3b0 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\GDI32.dll!GdiAlphaBlend 00000000757de524 5 bytes JMP 0000000073ceb740 .text C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe[1944] C:\windows\syswow64\GDI32.dll!PlgBlt 00000000757f4b42 5 bytes JMP 0000000073ceafe0 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\system32\kernel32.dll!MoveFileExW 0000000077b42b60 13 bytes JMP 0000000037ca0418 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077b51870 5 bytes JMP 0000000037ca0298 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077b5dd20 5 bytes JMP 000000006fff0228 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077bcf6e0 8 bytes JMP 0000000037ca0598 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077bcf710 5 bytes JMP 0000000037ca04d8 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\system32\kernel32.dll!MoveFileW 0000000077bcf7e0 10 bytes JMP 0000000037ca0358 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077bcf8e0 8 bytes JMP 0000000037ca0538 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\system32\kernel32.dll!MoveFileExA 0000000077bcf910 10 bytes JMP 0000000037ca03b8 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\system32\kernel32.dll!MoveFileA 0000000077bcf940 10 bytes JMP 0000000037ca02f8 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077bd5730 5 bytes JMP 0000000037ca0478 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[2208] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077e5f9f0 5 bytes JMP 0000000073f22e50 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077e5fb38 5 bytes JMP 0000000073f183f0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e5fcc0 5 bytes JMP 0000000073f17990 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077e5fd74 5 bytes JMP 0000000073f190a0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077e5fdd8 5 bytes JMP 0000000073f18790 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077e5fed0 5 bytes JMP 0000000073f1abb0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077e5ff84 5 bytes JMP 0000000073f16c00 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077e5ffb4 5 bytes JMP 0000000073f189a0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e60014 5 bytes JMP 0000000073f17550 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077e60094 5 bytes JMP 0000000073f177a0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077e600c4 5 bytes JMP 0000000073f18d50 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077e603c8 5 bytes JMP 0000000073f1a0a0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077e603e0 5 bytes JMP 0000000073f1b970 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077e60560 5 bytes JMP 0000000073f1b690 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077e606a4 5 bytes JMP 0000000073f17b80 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077e60704 5 bytes JMP 0000000073f1ba80 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e607ac 5 bytes JMP 0000000073f16af0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077e607f4 5 bytes JMP 0000000073f1bb90 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077e60884 5 bytes JMP 0000000073f16d10 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077e6089c 5 bytes JMP 0000000073f1ae80 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e608b4 5 bytes JMP 0000000073f1a5d0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e60e04 5 bytes JMP 0000000073f17df0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077e60ee8 5 bytes JMP 0000000073f18200 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e61bf4 5 bytes JMP 0000000073f17ff0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077e61cc4 5 bytes JMP 0000000073f1aa60 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077e61d9c 5 bytes JMP 0000000073f185e0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e7d2f6 7 bytes JMP 0000000073f22cd0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000774c3bbb 5 bytes JMP 0000000073ceedf0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000774c9abc 2 bytes JMP 0000000073f0efe0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW + 3 00000000774c9abf 2 bytes [A4, FC] .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\kernel32.dll!CopyFileExW 00000000774d3b7a 7 bytes JMP 0000000073f0fba0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 00000000774dcd11 5 bytes JMP 0000000073f0ecd0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007752ddde 7 bytes JMP 0000000073f0f210 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007752de81 7 bytes JMP 0000000073f0f520 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000779df8a7 5 bytes JMP 0000000073f22cb0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 00000000779dfcda 5 bytes JMP 0000000073f16400 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 00000000779e2e0b 4 bytes CALL 6d6f0000 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\OLE32.dll!CoCreateInstance 00000000759b9c3b 5 bytes JMP 0000000073f1c2e0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\GDI32.dll!DeleteDC 00000000757c58b3 5 bytes JMP 0000000073cebdc0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\GDI32.dll!BitBlt 00000000757c5ea5 5 bytes JMP 0000000073cea4d0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\GDI32.dll!CreateDCA 00000000757c7bb4 5 bytes JMP 0000000073cea200 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\GDI32.dll!GetPixel 00000000757ca854 5 bytes JMP 0000000073cebaf0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\GDI32.dll!StretchBlt 00000000757cac45 5 bytes JMP 0000000073cea870 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\GDI32.dll!GdiTransparentBlt 00000000757caf54 5 bytes JMP 0000000073ceb390 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\GDI32.dll!MaskBlt 00000000757cbdd9 5 bytes JMP 0000000073ceac20 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\GDI32.dll!CreateDCW 00000000757cd7fd 5 bytes JMP 0000000073cea3b0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\GDI32.dll!GdiAlphaBlend 00000000757de524 5 bytes JMP 0000000073ceb740 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\GDI32.dll!PlgBlt 00000000757f4b42 5 bytes JMP 0000000073ceafe0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075b58332 5 bytes JMP 0000000073f23de0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075b58bff 5 bytes JMP 0000000073f24750 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 0000000075b590d3 7 bytes JMP 0000000073f23800 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075b59679 5 bytes JMP 0000000073f24c40 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000075b597d2 5 bytes JMP 0000000073f251a0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!SetWinEventHook 0000000075b5ee21 5 bytes JMP 0000000073f239d0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!RegisterHotKey 0000000075b5efe1 5 bytes JMP 0000000073f278d0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!SetThreadDesktop 0000000075b602ae 5 bytes JMP 0000000073cf1480 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!PostMessageW 0000000075b612bd 5 bytes JMP 0000000073f24260 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!GetKeyState 0000000075b62797 5 bytes JMP 0000000073f26860 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!MoveWindow 0000000075b63ef0 5 bytes JMP 0000000073f26f10 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!SetParent 0000000075b645cc 5 bytes JMP 0000000073f27130 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075b6460c 5 bytes JMP 0000000073f27af0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075b64713 5 bytes JMP 0000000073f26ad0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!GetKeyboardState 0000000075b647e5 5 bytes JMP 0000000073f265c0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075b64bbc 1 byte JMP 0000000073f23fc0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!PostMessageA + 2 0000000075b64bbe 3 bytes {JMP 0xfffffffffe3bf404} .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075b64d1d 5 bytes JMP 0000000073f24500 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075b671e0 5 bytes JMP 0000000073f23c00 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!SendMessageA 0000000075b671fe 5 bytes JMP 0000000073f249a0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075b67d59 7 bytes JMP 0000000073f23620 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075b681f5 5 bytes JMP 0000000073f23300 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075b6825a 5 bytes JMP 0000000073f25c30 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 0000000075b682d2 5 bytes JMP 0000000073f25700 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075b68411 5 bytes JMP 0000000073f24ee0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075b68f4c 5 bytes JMP 0000000073f23040 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!SetClipboardViewer 0000000075b6cc1e 5 bytes JMP 0000000073f27320 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!ClipCursor 0000000075b6f2b3 5 bytes JMP 0000000073f27f00 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075b7a072 5 bytes JMP 0000000073f25ec0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075b7dbf5 5 bytes JMP 0000000073f26110 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!SendInput 0000000075b7ff2a 5 bytes JMP 0000000073cf1810 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!SetClipboardData 0000000075b98e6f 5 bytes JMP 0000000073cf1b80 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!SwitchDesktop 0000000075b998b5 5 bytes JMP 0000000073f28160 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075b99fa4 5 bytes JMP 0000000073cf1c10 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!ExitWindowsEx 0000000075ba1533 5 bytes JMP 0000000073f27d20 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!SetSystemCursor 0000000075bb0299 5 bytes JMP 0000000073f28300 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!mouse_event 0000000075bb030f 5 bytes JMP 0000000073cf1a80 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!keybd_event 0000000075bb0353 5 bytes JMP 0000000073cf19a0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075bb6d94 5 bytes JMP 0000000073f25460 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075bb6df5 5 bytes JMP 0000000073f259a0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!BlockInput 0000000075bb7e6f 5 bytes JMP 0000000073f274f0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!PrintWindow 0000000075bb88c3 5 bytes JMP 0000000073cebcc0 .text C:\ProgramData\PLAY INTERNET\OnlineUpdate\ouc.exe[2300] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075bb8983 5 bytes JMP 0000000073f26d30 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdce02d0 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdce0148 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdce0260 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdce01b8 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdce0110 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdce00d8 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdce0298 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdce0180 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdce01f0 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdce0228 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\Program Files\SlimService\SlimServiceFactory.exe[2308] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077e5f9f0 5 bytes JMP 0000000073f22e50 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077e5fb38 5 bytes JMP 0000000073f183f0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e5fcc0 5 bytes JMP 0000000073f17990 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077e5fd74 5 bytes JMP 0000000073f190a0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077e5fdd8 5 bytes JMP 0000000073f18790 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077e5fed0 5 bytes JMP 0000000073f1abb0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077e5ff84 5 bytes JMP 0000000073f16c00 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077e5ffb4 5 bytes JMP 0000000073f189a0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e60014 5 bytes JMP 0000000073f17550 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077e60094 5 bytes JMP 0000000073f177a0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077e600c4 5 bytes JMP 0000000073f18d50 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077e603c8 5 bytes JMP 0000000073f1a0a0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077e603e0 5 bytes JMP 0000000073f1b970 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077e60560 5 bytes JMP 0000000073f1b690 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077e606a4 5 bytes JMP 0000000073f17b80 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077e60704 5 bytes JMP 0000000073f1ba80 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e607ac 5 bytes JMP 0000000073f16af0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077e607f4 5 bytes JMP 0000000073f1bb90 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077e60884 5 bytes JMP 0000000073f16d10 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077e6089c 5 bytes JMP 0000000073f1ae80 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e608b4 5 bytes JMP 0000000073f1a5d0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e60e04 5 bytes JMP 0000000073f17df0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077e60ee8 5 bytes JMP 0000000073f18200 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e61bf4 5 bytes JMP 0000000073f17ff0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077e61cc4 5 bytes JMP 0000000073f1aa60 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077e61d9c 5 bytes JMP 0000000073f185e0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e7d2f6 7 bytes JMP 0000000073f22cd0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000774c3bbb 5 bytes JMP 0000000073ceedf0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000774c9abc 2 bytes JMP 0000000073f0efe0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW + 3 00000000774c9abf 2 bytes [A4, FC] .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\kernel32.dll!CopyFileExW 00000000774d3b7a 7 bytes JMP 0000000073f0fba0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 00000000774dcd11 5 bytes JMP 0000000073f0ecd0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007752ddde 7 bytes JMP 0000000073f0f210 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007752de81 7 bytes JMP 0000000073f0f520 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000779df8a7 5 bytes JMP 0000000073f22cb0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 00000000779dfcda 5 bytes JMP 0000000073f16400 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 00000000779e2e0b 4 bytes CALL 71380000 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!SetWindowLongW 0000000075b58332 5 bytes JMP 0000000073f23de0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!PostThreadMessageW 0000000075b58bff 5 bytes JMP 0000000073f24750 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!SystemParametersInfoW 0000000075b590d3 7 bytes JMP 0000000073f23800 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!SendMessageW 0000000075b59679 5 bytes JMP 0000000073f24c40 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!SendMessageTimeoutW 0000000075b597d2 5 bytes JMP 0000000073f251a0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!SetWinEventHook 0000000075b5ee21 5 bytes JMP 0000000073f239d0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!RegisterHotKey 0000000075b5efe1 5 bytes JMP 0000000073f278d0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!SetThreadDesktop 0000000075b602ae 5 bytes JMP 0000000073cf1480 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!PostMessageW 0000000075b612bd 5 bytes JMP 0000000073f24260 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!GetKeyState 0000000075b62797 5 bytes JMP 0000000073f26860 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!MoveWindow 0000000075b63ef0 5 bytes JMP 0000000073f26f10 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!SetParent 0000000075b645cc 5 bytes JMP 0000000073f27130 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!EnableWindow 0000000075b6460c 5 bytes JMP 0000000073f27af0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!GetAsyncKeyState 0000000075b64713 5 bytes JMP 0000000073f26ad0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!GetKeyboardState 0000000075b647e5 5 bytes JMP 0000000073f265c0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!PostMessageA 0000000075b64bbc 1 byte JMP 0000000073f23fc0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!PostMessageA + 2 0000000075b64bbe 3 bytes {JMP 0xfffffffffe3bf404} .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!PostThreadMessageA 0000000075b64d1d 5 bytes JMP 0000000073f24500 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!SetWindowLongA 0000000075b671e0 5 bytes JMP 0000000073f23c00 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!SendMessageA 0000000075b671fe 5 bytes JMP 0000000073f249a0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!SystemParametersInfoA 0000000075b67d59 7 bytes JMP 0000000073f23620 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!SetWindowsHookExW 0000000075b681f5 5 bytes JMP 0000000073f23300 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!SendNotifyMessageW 0000000075b6825a 5 bytes JMP 0000000073f25c30 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!SendMessageCallbackW 0000000075b682d2 5 bytes JMP 0000000073f25700 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!SendMessageTimeoutA 0000000075b68411 5 bytes JMP 0000000073f24ee0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!SetWindowsHookExA 0000000075b68f4c 5 bytes JMP 0000000073f23040 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!SetClipboardViewer 0000000075b6cc1e 5 bytes JMP 0000000073f27320 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!ClipCursor 0000000075b6f2b3 5 bytes JMP 0000000073f27f00 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!SendDlgItemMessageA 0000000075b7a072 5 bytes JMP 0000000073f25ec0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!SendDlgItemMessageW 0000000075b7dbf5 5 bytes JMP 0000000073f26110 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!SendInput 0000000075b7ff2a 5 bytes JMP 0000000073cf1810 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!SetClipboardData 0000000075b98e6f 5 bytes JMP 0000000073cf1b80 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!SwitchDesktop 0000000075b998b5 5 bytes JMP 0000000073f28160 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!GetClipboardData 0000000075b99fa4 5 bytes JMP 0000000073cf1c10 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!ExitWindowsEx 0000000075ba1533 5 bytes JMP 0000000073f27d20 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!SetSystemCursor 0000000075bb0299 5 bytes JMP 0000000073f28300 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!mouse_event 0000000075bb030f 5 bytes JMP 0000000073cf1a80 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!keybd_event 0000000075bb0353 5 bytes JMP 0000000073cf19a0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!SendMessageCallbackA 0000000075bb6d94 5 bytes JMP 0000000073f25460 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!SendNotifyMessageA 0000000075bb6df5 5 bytes JMP 0000000073f259a0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!BlockInput 0000000075bb7e6f 5 bytes JMP 0000000073f274f0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!PrintWindow 0000000075bb88c3 5 bytes JMP 0000000073cebcc0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\user32.dll!RegisterRawInputDevices 0000000075bb8983 5 bytes JMP 0000000073f26d30 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\GDI32.dll!DeleteDC 00000000757c58b3 5 bytes JMP 0000000073cebdc0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\GDI32.dll!BitBlt 00000000757c5ea5 5 bytes JMP 0000000073cea4d0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\GDI32.dll!CreateDCA 00000000757c7bb4 5 bytes JMP 0000000073cea200 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\GDI32.dll!GetPixel 00000000757ca854 5 bytes JMP 0000000073cebaf0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\GDI32.dll!StretchBlt 00000000757cac45 5 bytes JMP 0000000073cea870 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\GDI32.dll!GdiTransparentBlt 00000000757caf54 5 bytes JMP 0000000073ceb390 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\GDI32.dll!MaskBlt 00000000757cbdd9 5 bytes JMP 0000000073ceac20 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\GDI32.dll!CreateDCW 00000000757cd7fd 5 bytes JMP 0000000073cea3b0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\GDI32.dll!GdiAlphaBlend 00000000757de524 5 bytes JMP 0000000073ceb740 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\GDI32.dll!PlgBlt 00000000757f4b42 5 bytes JMP 0000000073ceafe0 .text C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe[2340] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000759b9c3b 5 bytes JMP 0000000073f1c2e0 .text C:\windows\system32\svchost.exe[2372] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\windows\system32\svchost.exe[2372] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\windows\system32\svchost.exe[2372] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\windows\system32\svchost.exe[2372] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\windows\system32\svchost.exe[2372] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\windows\system32\svchost.exe[2372] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\windows\system32\svchost.exe[2372] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\windows\system32\svchost.exe[2372] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\windows\system32\svchost.exe[2372] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\windows\system32\svchost.exe[2372] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\windows\system32\svchost.exe[2372] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\windows\system32\svchost.exe[2372] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\windows\system32\svchost.exe[2372] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\windows\system32\svchost.exe[2372] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\windows\system32\svchost.exe[2372] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\windows\system32\svchost.exe[2372] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\windows\system32\svchost.exe[2372] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\windows\system32\svchost.exe[2372] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\windows\system32\svchost.exe[2372] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\windows\system32\svchost.exe[2372] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\windows\system32\svchost.exe[2372] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\windows\system32\svchost.exe[2372] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\windows\system32\svchost.exe[2372] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\windows\system32\svchost.exe[2372] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\windows\system32\svchost.exe[2372] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\windows\system32\svchost.exe[2372] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\windows\system32\svchost.exe[2372] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\windows\system32\svchost.exe[2372] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\windows\system32\svchost.exe[2372] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\windows\system32\svchost.exe[2372] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\windows\system32\svchost.exe[2372] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\windows\system32\svchost.exe[2372] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\windows\system32\svchost.exe[2372] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\windows\system32\svchost.exe[2372] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\windows\system32\svchost.exe[2372] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\windows\system32\svchost.exe[2372] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\windows\system32\svchost.exe[2372] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\windows\system32\svchost.exe[2372] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\windows\system32\svchost.exe[2372] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\windows\system32\svchost.exe[2372] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\windows\system32\svchost.exe[2372] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\windows\system32\taskhost.exe[2540] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\windows\system32\taskhost.exe[2540] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\windows\system32\taskhost.exe[2540] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\windows\system32\taskhost.exe[2540] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\windows\system32\taskhost.exe[2540] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\windows\system32\taskhost.exe[2540] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\windows\system32\taskhost.exe[2540] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\windows\system32\taskhost.exe[2540] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\windows\system32\taskhost.exe[2540] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\windows\system32\taskhost.exe[2540] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\windows\system32\taskhost.exe[2540] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\windows\system32\taskhost.exe[2540] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\windows\system32\taskhost.exe[2540] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\windows\system32\taskhost.exe[2540] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\windows\system32\taskhost.exe[2540] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\windows\system32\taskhost.exe[2540] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\windows\system32\taskhost.exe[2540] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\windows\system32\taskhost.exe[2540] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\windows\system32\taskhost.exe[2540] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\windows\system32\taskhost.exe[2540] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\windows\system32\taskhost.exe[2540] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\windows\system32\taskhost.exe[2540] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\windows\system32\taskhost.exe[2540] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\windows\system32\taskhost.exe[2540] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\windows\system32\taskhost.exe[2540] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\windows\system32\taskhost.exe[2540] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\windows\system32\taskhost.exe[2540] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\windows\system32\taskhost.exe[2540] C:\windows\system32\kernel32.dll!MoveFileExW 0000000077b42b60 13 bytes JMP 0000000037ca0418 .text C:\windows\system32\taskhost.exe[2540] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077b51870 5 bytes JMP 0000000037ca0298 .text C:\windows\system32\taskhost.exe[2540] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077b5dd20 5 bytes JMP 000000006fff0180 .text C:\windows\system32\taskhost.exe[2540] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077bcf6e0 8 bytes JMP 0000000037ca0598 .text C:\windows\system32\taskhost.exe[2540] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077bcf710 5 bytes JMP 0000000037ca04d8 .text C:\windows\system32\taskhost.exe[2540] C:\windows\system32\kernel32.dll!MoveFileW 0000000077bcf7e0 10 bytes JMP 0000000037ca0358 .text C:\windows\system32\taskhost.exe[2540] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077bcf8e0 8 bytes JMP 0000000037ca0538 .text C:\windows\system32\taskhost.exe[2540] C:\windows\system32\kernel32.dll!MoveFileExA 0000000077bcf910 10 bytes JMP 0000000037ca03b8 .text C:\windows\system32\taskhost.exe[2540] C:\windows\system32\kernel32.dll!MoveFileA 0000000077bcf940 10 bytes JMP 0000000037ca02f8 .text C:\windows\system32\taskhost.exe[2540] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077bd5730 5 bytes JMP 0000000037ca0478 .text C:\windows\system32\taskhost.exe[2540] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\windows\system32\taskhost.exe[2540] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\windows\system32\taskhost.exe[2540] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\windows\system32\taskhost.exe[2540] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\windows\system32\taskhost.exe[2540] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\windows\system32\taskhost.exe[2540] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\windows\system32\taskhost.exe[2540] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\windows\system32\taskhost.exe[2540] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\windows\system32\taskhost.exe[2540] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\windows\system32\taskhost.exe[2540] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\windows\system32\taskhost.exe[2540] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\windows\system32\taskhost.exe[2540] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\windows\system32\taskhost.exe[2540] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\windows\system32\taskhost.exe[2540] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\windows\system32\taskeng.exe[2592] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\windows\system32\taskeng.exe[2592] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\windows\system32\taskeng.exe[2592] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\windows\system32\taskeng.exe[2592] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\windows\system32\taskeng.exe[2592] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\windows\system32\taskeng.exe[2592] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\windows\system32\taskeng.exe[2592] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\windows\system32\taskeng.exe[2592] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\windows\system32\taskeng.exe[2592] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\windows\system32\taskeng.exe[2592] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\windows\system32\taskeng.exe[2592] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\windows\system32\taskeng.exe[2592] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\windows\system32\taskeng.exe[2592] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\windows\system32\taskeng.exe[2592] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\windows\system32\taskeng.exe[2592] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\windows\system32\taskeng.exe[2592] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\windows\system32\taskeng.exe[2592] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\windows\system32\taskeng.exe[2592] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\windows\system32\taskeng.exe[2592] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\windows\system32\taskeng.exe[2592] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\windows\system32\taskeng.exe[2592] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\windows\system32\taskeng.exe[2592] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\windows\system32\taskeng.exe[2592] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\windows\system32\taskeng.exe[2592] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\windows\system32\taskeng.exe[2592] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\windows\system32\taskeng.exe[2592] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\windows\system32\taskeng.exe[2592] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\windows\system32\taskeng.exe[2592] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\windows\system32\taskeng.exe[2592] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\windows\system32\taskeng.exe[2592] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\windows\system32\taskeng.exe[2592] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\windows\system32\taskeng.exe[2592] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\windows\system32\taskeng.exe[2592] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\windows\system32\taskeng.exe[2592] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\windows\system32\taskeng.exe[2592] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\windows\system32\taskeng.exe[2592] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\windows\system32\taskeng.exe[2592] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\windows\system32\taskeng.exe[2592] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\windows\system32\taskeng.exe[2592] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\windows\system32\taskeng.exe[2592] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\windows\system32\taskeng.exe[2592] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\windows\system32\Dwm.exe[2668] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\windows\system32\Dwm.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\windows\system32\Dwm.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\windows\system32\Dwm.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\windows\system32\Dwm.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\windows\system32\Dwm.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\windows\system32\Dwm.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\windows\system32\Dwm.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\windows\system32\Dwm.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\windows\system32\Dwm.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\windows\system32\Dwm.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\windows\system32\Dwm.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\windows\system32\Dwm.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\windows\system32\Dwm.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\windows\system32\Dwm.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\windows\system32\Dwm.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\windows\system32\Dwm.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\windows\system32\Dwm.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\windows\system32\Dwm.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\windows\system32\Dwm.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\windows\system32\Dwm.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\windows\system32\Dwm.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\windows\system32\Dwm.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\windows\system32\Dwm.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\windows\system32\Dwm.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\windows\system32\Dwm.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\windows\system32\Dwm.exe[2668] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\windows\system32\Dwm.exe[2668] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\windows\system32\Dwm.exe[2668] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\windows\system32\Dwm.exe[2668] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\windows\system32\Dwm.exe[2668] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\windows\system32\Dwm.exe[2668] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\windows\system32\Dwm.exe[2668] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\windows\system32\Dwm.exe[2668] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\windows\system32\Dwm.exe[2668] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\windows\system32\Dwm.exe[2668] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\windows\system32\Dwm.exe[2668] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\windows\system32\Dwm.exe[2668] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\windows\system32\Dwm.exe[2668] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\windows\system32\Dwm.exe[2668] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\windows\system32\Dwm.exe[2668] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\windows\Explorer.EXE[2676] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\windows\Explorer.EXE[2676] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\windows\Explorer.EXE[2676] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\windows\Explorer.EXE[2676] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\windows\Explorer.EXE[2676] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\windows\Explorer.EXE[2676] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\windows\Explorer.EXE[2676] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\windows\Explorer.EXE[2676] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\windows\Explorer.EXE[2676] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\windows\Explorer.EXE[2676] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\windows\Explorer.EXE[2676] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\windows\Explorer.EXE[2676] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\windows\Explorer.EXE[2676] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\windows\Explorer.EXE[2676] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\windows\Explorer.EXE[2676] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\windows\Explorer.EXE[2676] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\windows\Explorer.EXE[2676] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\windows\Explorer.EXE[2676] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\windows\Explorer.EXE[2676] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\windows\Explorer.EXE[2676] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\windows\Explorer.EXE[2676] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\windows\Explorer.EXE[2676] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\windows\Explorer.EXE[2676] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\windows\Explorer.EXE[2676] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\windows\Explorer.EXE[2676] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\windows\Explorer.EXE[2676] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\windows\Explorer.EXE[2676] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\windows\Explorer.EXE[2676] C:\windows\system32\kernel32.dll!MoveFileExW 0000000077b42b60 13 bytes JMP 0000000037ca0418 .text C:\windows\Explorer.EXE[2676] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077b51870 5 bytes JMP 0000000037ca0298 .text C:\windows\Explorer.EXE[2676] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077b5dd20 5 bytes JMP 000000006fff0180 .text C:\windows\Explorer.EXE[2676] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077bcf6e0 8 bytes JMP 0000000037ca0598 .text C:\windows\Explorer.EXE[2676] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077bcf710 5 bytes JMP 0000000037ca04d8 .text C:\windows\Explorer.EXE[2676] C:\windows\system32\kernel32.dll!MoveFileW 0000000077bcf7e0 10 bytes JMP 0000000037ca0358 .text C:\windows\Explorer.EXE[2676] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077bcf8e0 8 bytes JMP 0000000037ca0538 .text C:\windows\Explorer.EXE[2676] C:\windows\system32\kernel32.dll!MoveFileExA 0000000077bcf910 10 bytes JMP 0000000037ca03b8 .text C:\windows\Explorer.EXE[2676] C:\windows\system32\kernel32.dll!MoveFileA 0000000077bcf940 10 bytes JMP 0000000037ca02f8 .text C:\windows\Explorer.EXE[2676] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077bd5730 5 bytes JMP 0000000037ca0478 .text C:\windows\Explorer.EXE[2676] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\windows\Explorer.EXE[2676] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\windows\Explorer.EXE[2676] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\windows\Explorer.EXE[2676] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\windows\Explorer.EXE[2676] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\windows\Explorer.EXE[2676] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\windows\Explorer.EXE[2676] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\windows\Explorer.EXE[2676] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\windows\Explorer.EXE[2676] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\windows\Explorer.EXE[2676] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\windows\Explorer.EXE[2676] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\windows\Explorer.EXE[2676] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\windows\Explorer.EXE[2676] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\windows\Explorer.EXE[2676] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077e5f9f0 5 bytes JMP 0000000073f22e50 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077e5fb38 5 bytes JMP 0000000073f183f0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e5fcc0 5 bytes JMP 0000000073f17990 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077e5fd74 5 bytes JMP 0000000073f190a0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077e5fdd8 5 bytes JMP 0000000073f18790 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077e5fed0 5 bytes JMP 0000000073f1abb0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077e5ff84 5 bytes JMP 0000000073f16c00 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077e5ffb4 5 bytes JMP 0000000073f189a0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e60014 5 bytes JMP 0000000073f17550 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077e60094 5 bytes JMP 0000000073f177a0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077e600c4 5 bytes JMP 0000000073f18d50 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077e603c8 5 bytes JMP 0000000073f1a0a0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077e603e0 5 bytes JMP 0000000073f1b970 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077e60560 5 bytes JMP 0000000073f1b690 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077e606a4 5 bytes JMP 0000000073f17b80 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077e60704 5 bytes JMP 0000000073f1ba80 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e607ac 5 bytes JMP 0000000073f16af0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077e607f4 5 bytes JMP 0000000073f1bb90 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077e60884 5 bytes JMP 0000000073f16d10 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077e6089c 5 bytes JMP 0000000073f1ae80 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e608b4 5 bytes JMP 0000000073f1a5d0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e60e04 5 bytes JMP 0000000073f17df0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077e60ee8 5 bytes JMP 0000000073f18200 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e61bf4 5 bytes JMP 0000000073f17ff0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077e61cc4 5 bytes JMP 0000000073f1aa60 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077e61d9c 5 bytes JMP 0000000073f185e0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e7d2f6 7 bytes JMP 0000000073f22cd0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000774c3bbb 5 bytes JMP 0000000073ceedf0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000774c9abc 2 bytes JMP 0000000073f0efe0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW + 3 00000000774c9abf 2 bytes [A4, FC] .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\kernel32.dll!CopyFileExW 00000000774d3b7a 7 bytes JMP 0000000073f0fba0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 00000000774dcd11 5 bytes JMP 0000000073f0ecd0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007752ddde 7 bytes JMP 0000000073f0f210 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007752de81 7 bytes JMP 0000000073f0f520 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000779df8a7 5 bytes JMP 0000000073f22cb0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 00000000779dfcda 5 bytes JMP 0000000073f16400 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 00000000779e2e0b 4 bytes CALL 70320000 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075b58332 5 bytes JMP 0000000073f23de0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075b58bff 5 bytes JMP 0000000073f24750 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 0000000075b590d3 7 bytes JMP 0000000073f23800 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075b59679 5 bytes JMP 0000000073f24c40 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000075b597d2 5 bytes JMP 0000000073f251a0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!SetWinEventHook 0000000075b5ee21 5 bytes JMP 0000000073f239d0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!RegisterHotKey 0000000075b5efe1 5 bytes JMP 0000000073f278d0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!SetThreadDesktop 0000000075b602ae 5 bytes JMP 0000000073cf1480 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!PostMessageW 0000000075b612bd 5 bytes JMP 0000000073f24260 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!GetKeyState 0000000075b62797 5 bytes JMP 0000000073f26860 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!MoveWindow 0000000075b63ef0 5 bytes JMP 0000000073f26f10 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!SetParent 0000000075b645cc 5 bytes JMP 0000000073f27130 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075b6460c 5 bytes JMP 0000000073f27af0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075b64713 5 bytes JMP 0000000073f26ad0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!GetKeyboardState 0000000075b647e5 5 bytes JMP 0000000073f265c0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075b64bbc 1 byte JMP 0000000073f23fc0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!PostMessageA + 2 0000000075b64bbe 3 bytes {JMP 0xfffffffffe3bf404} .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075b64d1d 5 bytes JMP 0000000073f24500 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075b671e0 5 bytes JMP 0000000073f23c00 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!SendMessageA 0000000075b671fe 5 bytes JMP 0000000073f249a0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075b67d59 7 bytes JMP 0000000073f23620 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075b681f5 5 bytes JMP 0000000073f23300 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075b6825a 5 bytes JMP 0000000073f25c30 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 0000000075b682d2 5 bytes JMP 0000000073f25700 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075b68411 5 bytes JMP 0000000073f24ee0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075b68f4c 5 bytes JMP 0000000073f23040 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!SetClipboardViewer 0000000075b6cc1e 5 bytes JMP 0000000073f27320 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!ClipCursor 0000000075b6f2b3 5 bytes JMP 0000000073f27f00 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075b7a072 5 bytes JMP 0000000073f25ec0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075b7dbf5 5 bytes JMP 0000000073f26110 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!SendInput 0000000075b7ff2a 5 bytes JMP 0000000073cf1810 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!SetClipboardData 0000000075b98e6f 5 bytes JMP 0000000073cf1b80 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!SwitchDesktop 0000000075b998b5 5 bytes JMP 0000000073f28160 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075b99fa4 5 bytes JMP 0000000073cf1c10 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!ExitWindowsEx 0000000075ba1533 5 bytes JMP 0000000073f27d20 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!SetSystemCursor 0000000075bb0299 5 bytes JMP 0000000073f28300 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!mouse_event 0000000075bb030f 5 bytes JMP 0000000073cf1a80 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!keybd_event 0000000075bb0353 5 bytes JMP 0000000073cf19a0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075bb6d94 5 bytes JMP 0000000073f25460 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075bb6df5 5 bytes JMP 0000000073f259a0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!BlockInput 0000000075bb7e6f 5 bytes JMP 0000000073f274f0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!PrintWindow 0000000075bb88c3 5 bytes JMP 0000000073cebcc0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075bb8983 5 bytes JMP 0000000073f26d30 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\GDI32.dll!DeleteDC 00000000757c58b3 5 bytes JMP 0000000073cebdc0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\GDI32.dll!BitBlt 00000000757c5ea5 5 bytes JMP 0000000073cea4d0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\GDI32.dll!CreateDCA 00000000757c7bb4 5 bytes JMP 0000000073cea200 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\GDI32.dll!GetPixel 00000000757ca854 5 bytes JMP 0000000073cebaf0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\GDI32.dll!StretchBlt 00000000757cac45 5 bytes JMP 0000000073cea870 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\GDI32.dll!GdiTransparentBlt 00000000757caf54 5 bytes JMP 0000000073ceb390 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\GDI32.dll!MaskBlt 00000000757cbdd9 5 bytes JMP 0000000073ceac20 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\GDI32.dll!CreateDCW 00000000757cd7fd 5 bytes JMP 0000000073cea3b0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\GDI32.dll!GdiAlphaBlend 00000000757de524 5 bytes JMP 0000000073ceb740 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\GDI32.dll!PlgBlt 00000000757f4b42 5 bytes JMP 0000000073ceafe0 .text C:\ProgramData\DatacardService\DCSHelper.exe[2936] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000759b9c3b 5 bytes JMP 0000000073f1c2e0 .text C:\windows\system32\svchost.exe[3292] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\windows\system32\svchost.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\windows\system32\svchost.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\windows\system32\svchost.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\windows\system32\svchost.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\windows\system32\svchost.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\windows\system32\svchost.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\windows\system32\svchost.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\windows\system32\svchost.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\windows\system32\svchost.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\windows\system32\svchost.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\windows\system32\svchost.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\windows\system32\svchost.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\windows\system32\svchost.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\windows\system32\svchost.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\windows\system32\svchost.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\windows\system32\svchost.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\windows\system32\svchost.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\windows\system32\svchost.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\windows\system32\svchost.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\windows\system32\svchost.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\windows\system32\svchost.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\windows\system32\svchost.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\windows\system32\svchost.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\windows\system32\svchost.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\windows\system32\svchost.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\windows\system32\svchost.exe[3292] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\windows\system32\svchost.exe[3292] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\windows\system32\svchost.exe[3292] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\windows\system32\svchost.exe[3292] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\windows\system32\svchost.exe[3292] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\windows\system32\svchost.exe[3292] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\windows\system32\svchost.exe[3292] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\windows\system32\svchost.exe[3292] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\windows\system32\svchost.exe[3292] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\windows\system32\svchost.exe[3292] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\windows\system32\svchost.exe[3292] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\windows\system32\svchost.exe[3292] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\windows\system32\svchost.exe[3292] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\windows\system32\svchost.exe[3292] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\windows\system32\svchost.exe[3292] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\windows\System32\WUDFHost.exe[3408] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[3976] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077cabeb0 8 bytes JMP 000000006ffe00d8 .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[3976] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077b5dd20 5 bytes JMP 000000006fff0228 .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[3976] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdba02d0 .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[3976] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdba0148 .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[3976] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdba0260 .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[3976] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdba01b8 .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[3976] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdba0110 .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[3976] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdba00d8 .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[3976] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdba0298 .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[3976] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdba0180 .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[3976] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdba01f0 .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[3976] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdba0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\system32\kernel32.dll!MoveFileExW 0000000077b42b60 13 bytes JMP 0000000037ca0418 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077b51870 5 bytes JMP 0000000037ca0298 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077b5dd20 5 bytes JMP 000000006fff0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077bcf6e0 8 bytes JMP 0000000037ca0598 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077bcf710 5 bytes JMP 0000000037ca04d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\system32\kernel32.dll!MoveFileW 0000000077bcf7e0 10 bytes JMP 0000000037ca0358 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077bcf8e0 8 bytes JMP 0000000037ca0538 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\system32\kernel32.dll!MoveFileExA 0000000077bcf910 10 bytes JMP 0000000037ca03b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\system32\kernel32.dll!MoveFileA 0000000077bcf940 10 bytes JMP 0000000037ca02f8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077bd5730 5 bytes JMP 0000000037ca0478 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4072] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\system32\kernel32.dll!MoveFileExW 0000000077b42b60 13 bytes JMP 0000000037ca0418 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077b51870 5 bytes JMP 0000000037ca0298 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077b5dd20 5 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077bcf6e0 8 bytes JMP 0000000037ca0598 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077bcf710 5 bytes JMP 0000000037ca04d8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\system32\kernel32.dll!MoveFileW 0000000077bcf7e0 10 bytes JMP 0000000037ca0358 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077bcf8e0 8 bytes JMP 0000000037ca0538 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\system32\kernel32.dll!MoveFileExA 0000000077bcf910 10 bytes JMP 0000000037ca03b8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\system32\kernel32.dll!MoveFileA 0000000077bcf940 10 bytes JMP 0000000037ca02f8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077bd5730 5 bytes JMP 0000000037ca0478 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[492] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\system32\kernel32.dll!MoveFileExW 0000000077b42b60 13 bytes JMP 0000000037ca0418 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077b51870 5 bytes JMP 0000000037ca0298 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077b5dd20 5 bytes JMP 000000006fff0228 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077bcf6e0 8 bytes JMP 0000000037ca0598 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077bcf710 5 bytes JMP 0000000037ca04d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\system32\kernel32.dll!MoveFileW 0000000077bcf7e0 10 bytes JMP 0000000037ca0358 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077bcf8e0 8 bytes JMP 0000000037ca0538 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\system32\kernel32.dll!MoveFileExA 0000000077bcf910 10 bytes JMP 0000000037ca03b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\system32\kernel32.dll!MoveFileA 0000000077bcf940 10 bytes JMP 0000000037ca02f8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077bd5730 5 bytes JMP 0000000037ca0478 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[2168] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\Windows\System32\hkcmd.exe[2692] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\Windows\System32\igfxpers.exe[400] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\Windows\System32\igfxpers.exe[400] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4172] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\system32\kernel32.dll!MoveFileExW 0000000077b42b60 13 bytes JMP 0000000037ca0418 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077b51870 5 bytes JMP 0000000037ca0298 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077b5dd20 5 bytes JMP 000000006fff0228 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077bcf6e0 8 bytes JMP 0000000037ca0598 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077bcf710 5 bytes JMP 0000000037ca04d8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\system32\kernel32.dll!MoveFileW 0000000077bcf7e0 10 bytes JMP 0000000037ca0358 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077bcf8e0 8 bytes JMP 0000000037ca0538 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\system32\kernel32.dll!MoveFileExA 0000000077bcf910 10 bytes JMP 0000000037ca03b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\system32\kernel32.dll!MoveFileA 0000000077bcf940 10 bytes JMP 0000000037ca02f8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077bd5730 5 bytes JMP 0000000037ca0478 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[4268] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\windows\system32\SearchIndexer.exe[4352] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077e5f9f0 5 bytes JMP 0000000073f22e50 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077e5fb38 5 bytes JMP 0000000073f183f0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e5fcc0 5 bytes JMP 0000000073f17990 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077e5fd74 5 bytes JMP 0000000073f190a0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077e5fdd8 5 bytes JMP 0000000073f18790 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077e5fed0 5 bytes JMP 0000000073f1abb0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077e5ff84 5 bytes JMP 0000000073f16c00 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077e5ffb4 5 bytes JMP 0000000073f189a0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e60014 5 bytes JMP 0000000073f17550 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077e60094 5 bytes JMP 0000000073f177a0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077e600c4 5 bytes JMP 0000000073f18d50 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077e603c8 5 bytes JMP 0000000073f1a0a0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077e603e0 5 bytes JMP 0000000073f1b970 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077e60560 5 bytes JMP 0000000073f1b690 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077e606a4 5 bytes JMP 0000000073f17b80 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077e60704 5 bytes JMP 0000000073f1ba80 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e607ac 5 bytes JMP 0000000073f16af0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077e607f4 5 bytes JMP 0000000073f1bb90 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077e60884 5 bytes JMP 0000000073f16d10 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077e6089c 5 bytes JMP 0000000073f1ae80 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e608b4 5 bytes JMP 0000000073f1a5d0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e60e04 5 bytes JMP 0000000073f17df0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077e60ee8 5 bytes JMP 0000000073f18200 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e61bf4 5 bytes JMP 0000000073f17ff0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077e61cc4 5 bytes JMP 0000000073f1aa60 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077e61d9c 5 bytes JMP 0000000073f185e0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e7d2f6 7 bytes JMP 0000000073f22cd0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000774c3bbb 5 bytes JMP 0000000073ceedf0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000774c9abc 2 bytes JMP 0000000073f0efe0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW + 3 00000000774c9abf 2 bytes [A4, FC] .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\kernel32.dll!CopyFileExW 00000000774d3b7a 7 bytes JMP 0000000073f0fba0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 00000000774dcd11 5 bytes JMP 0000000073f0ecd0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007752ddde 7 bytes JMP 0000000073f0f210 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007752de81 7 bytes JMP 0000000073f0f520 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000779df8a7 5 bytes JMP 0000000073f22cb0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 00000000779dfcda 5 bytes JMP 0000000073f16400 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 00000000779e2e0b 4 bytes CALL 6e020000 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075b58332 5 bytes JMP 0000000073f23de0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075b58bff 5 bytes JMP 0000000073f24750 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 0000000075b590d3 7 bytes JMP 0000000073f23800 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075b59679 5 bytes JMP 0000000073f24c40 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000075b597d2 5 bytes JMP 0000000073f251a0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!SetWinEventHook 0000000075b5ee21 5 bytes JMP 0000000073f239d0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!RegisterHotKey 0000000075b5efe1 5 bytes JMP 0000000073f278d0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!SetThreadDesktop 0000000075b602ae 5 bytes JMP 0000000073cf1480 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!PostMessageW 0000000075b612bd 5 bytes JMP 0000000073f24260 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!GetKeyState 0000000075b62797 5 bytes JMP 0000000073f26860 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!MoveWindow 0000000075b63ef0 5 bytes JMP 0000000073f26f10 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!SetParent 0000000075b645cc 5 bytes JMP 0000000073f27130 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075b6460c 5 bytes JMP 0000000073f27af0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075b64713 5 bytes JMP 0000000073f26ad0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!GetKeyboardState 0000000075b647e5 5 bytes JMP 0000000073f265c0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075b64bbc 1 byte JMP 0000000073f23fc0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!PostMessageA + 2 0000000075b64bbe 3 bytes {JMP 0xfffffffffe3bf404} .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075b64d1d 5 bytes JMP 0000000073f24500 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075b671e0 5 bytes JMP 0000000073f23c00 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!SendMessageA 0000000075b671fe 5 bytes JMP 0000000073f249a0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075b67d59 7 bytes JMP 0000000073f23620 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075b681f5 5 bytes JMP 0000000073f23300 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075b6825a 5 bytes JMP 0000000073f25c30 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 0000000075b682d2 5 bytes JMP 0000000073f25700 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075b68411 5 bytes JMP 0000000073f24ee0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075b68f4c 5 bytes JMP 0000000073f23040 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!SetClipboardViewer 0000000075b6cc1e 5 bytes JMP 0000000073f27320 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!ClipCursor 0000000075b6f2b3 5 bytes JMP 0000000073f27f00 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075b7a072 5 bytes JMP 0000000073f25ec0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075b7dbf5 5 bytes JMP 0000000073f26110 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!SendInput 0000000075b7ff2a 5 bytes JMP 0000000073cf1810 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!SetClipboardData 0000000075b98e6f 5 bytes JMP 0000000073cf1b80 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!SwitchDesktop 0000000075b998b5 5 bytes JMP 0000000073f28160 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075b99fa4 5 bytes JMP 0000000073cf1c10 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!ExitWindowsEx 0000000075ba1533 5 bytes JMP 0000000073f27d20 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!SetSystemCursor 0000000075bb0299 5 bytes JMP 0000000073f28300 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!mouse_event 0000000075bb030f 5 bytes JMP 0000000073cf1a80 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!keybd_event 0000000075bb0353 5 bytes JMP 0000000073cf19a0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075bb6d94 5 bytes JMP 0000000073f25460 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075bb6df5 5 bytes JMP 0000000073f259a0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!BlockInput 0000000075bb7e6f 5 bytes JMP 0000000073f274f0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!PrintWindow 0000000075bb88c3 5 bytes JMP 0000000073cebcc0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075bb8983 5 bytes JMP 0000000073f26d30 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\GDI32.dll!DeleteDC 00000000757c58b3 5 bytes JMP 0000000073cebdc0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\GDI32.dll!BitBlt 00000000757c5ea5 5 bytes JMP 0000000073cea4d0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\GDI32.dll!CreateDCA 00000000757c7bb4 5 bytes JMP 0000000073cea200 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\GDI32.dll!GetPixel 00000000757ca854 5 bytes JMP 0000000073cebaf0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\GDI32.dll!StretchBlt 00000000757cac45 5 bytes JMP 0000000073cea870 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\GDI32.dll!GdiTransparentBlt 00000000757caf54 5 bytes JMP 0000000073ceb390 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\GDI32.dll!MaskBlt 00000000757cbdd9 5 bytes JMP 0000000073ceac20 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\GDI32.dll!CreateDCW 00000000757cd7fd 5 bytes JMP 0000000073cea3b0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\GDI32.dll!GdiAlphaBlend 00000000757de524 5 bytes JMP 0000000073ceb740 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\GDI32.dll!PlgBlt 00000000757f4b42 5 bytes JMP 0000000073ceafe0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000759b9c3b 5 bytes JMP 0000000073f1c2e0 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c41401 2 bytes JMP 774db233 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c41419 2 bytes JMP 774db35e C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c41431 2 bytes JMP 77559149 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c4144a 2 bytes CALL 774b4885 C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c414dd 2 bytes JMP 77558a42 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c414f5 2 bytes JMP 77558c18 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c4150d 2 bytes JMP 77558938 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c41525 2 bytes JMP 77558d02 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c4153d 2 bytes JMP 774cfcc0 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c41555 2 bytes JMP 774d6907 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c4156d 2 bytes JMP 77559201 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c41585 2 bytes JMP 77558d62 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c4159d 2 bytes JMP 775588fc C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c415b5 2 bytes JMP 774cfd59 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c415cd 2 bytes JMP 774db2f4 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c416b2 2 bytes JMP 775590c4 C:\windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\RunDll32.exe[4428] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c416bd 2 bytes JMP 77558891 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077e5f9f0 5 bytes JMP 0000000073f22e50 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077e5fb38 5 bytes JMP 0000000073f183f0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e5fcc0 5 bytes JMP 0000000073f17990 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077e5fd74 5 bytes JMP 0000000073f190a0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077e5fdd8 5 bytes JMP 0000000073f18790 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077e5fed0 5 bytes JMP 0000000073f1abb0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077e5ff84 5 bytes JMP 0000000073f16c00 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077e5ffb4 5 bytes JMP 0000000073f189a0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e60014 5 bytes JMP 0000000073f17550 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077e60094 5 bytes JMP 0000000073f177a0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077e600c4 5 bytes JMP 0000000073f18d50 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077e603c8 5 bytes JMP 0000000073f1a0a0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077e603e0 5 bytes JMP 0000000073f1b970 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077e60560 5 bytes JMP 0000000073f1b690 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077e606a4 5 bytes JMP 0000000073f17b80 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077e60704 5 bytes JMP 0000000073f1ba80 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e607ac 5 bytes JMP 0000000073f16af0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077e607f4 5 bytes JMP 0000000073f1bb90 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077e60884 5 bytes JMP 0000000073f16d10 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077e6089c 5 bytes JMP 0000000073f1ae80 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e608b4 5 bytes JMP 0000000073f1a5d0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e60e04 5 bytes JMP 0000000073f17df0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077e60ee8 5 bytes JMP 0000000073f18200 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e61bf4 5 bytes JMP 0000000073f17ff0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077e61cc4 5 bytes JMP 0000000073f1aa60 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077e61d9c 5 bytes JMP 0000000073f185e0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e7d2f6 7 bytes JMP 0000000073f22cd0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000774c3bbb 5 bytes JMP 0000000073ceedf0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000774c9abc 2 bytes JMP 0000000073f0efe0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW + 3 00000000774c9abf 2 bytes [A4, FC] .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\kernel32.dll!CopyFileExW 00000000774d3b7a 7 bytes JMP 0000000073f0fba0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 00000000774dcd11 5 bytes JMP 0000000073f0ecd0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007752ddde 7 bytes JMP 0000000073f0f210 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007752de81 7 bytes JMP 0000000073f0f520 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000779df8a7 5 bytes JMP 0000000073f22cb0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 00000000779dfcda 5 bytes JMP 0000000073f16400 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 00000000779e2e0b 4 bytes CALL 716e0000 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c41401 2 bytes JMP 774db233 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c41419 2 bytes JMP 774db35e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c41431 2 bytes JMP 77559149 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c4144a 2 bytes CALL 774b4885 C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c414dd 2 bytes JMP 77558a42 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c414f5 2 bytes JMP 77558c18 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c4150d 2 bytes JMP 77558938 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c41525 2 bytes JMP 77558d02 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c4153d 2 bytes JMP 774cfcc0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c41555 2 bytes JMP 774d6907 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c4156d 2 bytes JMP 77559201 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c41585 2 bytes JMP 77558d62 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c4159d 2 bytes JMP 775588fc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c415b5 2 bytes JMP 774cfd59 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c415cd 2 bytes JMP 774db2f4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c416b2 2 bytes JMP 775590c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c416bd 2 bytes JMP 77558891 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\GDI32.dll!DeleteDC 00000000757c58b3 5 bytes JMP 0000000073cebdc0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\GDI32.dll!BitBlt 00000000757c5ea5 5 bytes JMP 0000000073cea4d0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\GDI32.dll!CreateDCA 00000000757c7bb4 5 bytes JMP 0000000073cea200 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\GDI32.dll!GetPixel 00000000757ca854 5 bytes JMP 0000000073cebaf0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\GDI32.dll!StretchBlt 00000000757cac45 5 bytes JMP 0000000073cea870 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\GDI32.dll!GdiTransparentBlt 00000000757caf54 5 bytes JMP 0000000073ceb390 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\GDI32.dll!MaskBlt 00000000757cbdd9 5 bytes JMP 0000000073ceac20 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\GDI32.dll!CreateDCW 00000000757cd7fd 5 bytes JMP 0000000073cea3b0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\GDI32.dll!GdiAlphaBlend 00000000757de524 5 bytes JMP 0000000073ceb740 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\GDI32.dll!PlgBlt 00000000757f4b42 5 bytes JMP 0000000073ceafe0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075b58332 5 bytes JMP 0000000073f23de0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075b58bff 5 bytes JMP 0000000073f24750 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 0000000075b590d3 7 bytes JMP 0000000073f23800 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075b59679 5 bytes JMP 0000000073f24c40 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000075b597d2 5 bytes JMP 0000000073f251a0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!SetWinEventHook 0000000075b5ee21 5 bytes JMP 0000000073f239d0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!RegisterHotKey 0000000075b5efe1 5 bytes JMP 0000000073f278d0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!SetThreadDesktop 0000000075b602ae 5 bytes JMP 0000000073cf1480 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!PostMessageW 0000000075b612bd 5 bytes JMP 0000000073f24260 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!GetKeyState 0000000075b62797 5 bytes JMP 0000000073f26860 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!MoveWindow 0000000075b63ef0 5 bytes JMP 0000000073f26f10 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!SetParent 0000000075b645cc 5 bytes JMP 0000000073f27130 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075b6460c 5 bytes JMP 0000000073f27af0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075b64713 5 bytes JMP 0000000073f26ad0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!GetKeyboardState 0000000075b647e5 5 bytes JMP 0000000073f265c0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075b64bbc 1 byte JMP 0000000073f23fc0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!PostMessageA + 2 0000000075b64bbe 3 bytes {JMP 0xfffffffffe3bf404} .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075b64d1d 5 bytes JMP 0000000073f24500 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075b671e0 5 bytes JMP 0000000073f23c00 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!SendMessageA 0000000075b671fe 5 bytes JMP 0000000073f249a0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075b67d59 7 bytes JMP 0000000073f23620 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075b681f5 5 bytes JMP 0000000073f23300 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075b6825a 5 bytes JMP 0000000073f25c30 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 0000000075b682d2 5 bytes JMP 0000000073f25700 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075b68411 5 bytes JMP 0000000073f24ee0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075b68f4c 5 bytes JMP 0000000073f23040 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!SetClipboardViewer 0000000075b6cc1e 5 bytes JMP 0000000073f27320 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!ClipCursor 0000000075b6f2b3 5 bytes JMP 0000000073f27f00 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075b7a072 5 bytes JMP 0000000073f25ec0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075b7dbf5 5 bytes JMP 0000000073f26110 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!SendInput 0000000075b7ff2a 5 bytes JMP 0000000073cf1810 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!SetClipboardData 0000000075b98e6f 5 bytes JMP 0000000073cf1b80 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!SwitchDesktop 0000000075b998b5 5 bytes JMP 0000000073f28160 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075b99fa4 5 bytes JMP 0000000073cf1c10 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!ExitWindowsEx 0000000075ba1533 5 bytes JMP 0000000073f27d20 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!SetSystemCursor 0000000075bb0299 5 bytes JMP 0000000073f28300 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!mouse_event 0000000075bb030f 5 bytes JMP 0000000073cf1a80 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!keybd_event 0000000075bb0353 5 bytes JMP 0000000073cf19a0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075bb6d94 5 bytes JMP 0000000073f25460 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075bb6df5 5 bytes JMP 0000000073f259a0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!BlockInput 0000000075bb7e6f 5 bytes JMP 0000000073f274f0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!PrintWindow 0000000075bb88c3 5 bytes JMP 0000000073cebcc0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075bb8983 5 bytes JMP 0000000073f26d30 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[4640] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000759b9c3b 5 bytes JMP 0000000073f1c2e0 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4728] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4728] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4728] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4728] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4728] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4728] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4728] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4728] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4728] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4728] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4728] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4728] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4728] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4728] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4728] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4728] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4728] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4728] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4728] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4728] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4728] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4728] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4728] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4728] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4728] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4728] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe[4728] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077e5f9f0 5 bytes JMP 0000000073f22e50 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077e5fb38 5 bytes JMP 0000000073f183f0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e5fcc0 5 bytes JMP 0000000073f17990 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077e5fd74 5 bytes JMP 0000000073f190a0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077e5fdd8 5 bytes JMP 0000000073f18790 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077e5fed0 5 bytes JMP 0000000073f1abb0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077e5ff84 5 bytes JMP 0000000073f16c00 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077e5ffb4 5 bytes JMP 0000000073f189a0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e60014 5 bytes JMP 0000000073f17550 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077e60094 5 bytes JMP 0000000073f177a0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077e600c4 5 bytes JMP 0000000073f18d50 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077e603c8 5 bytes JMP 0000000073f1a0a0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077e603e0 5 bytes JMP 0000000073f1b970 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077e60560 5 bytes JMP 0000000073f1b690 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077e606a4 5 bytes JMP 0000000073f17b80 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077e60704 5 bytes JMP 0000000073f1ba80 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e607ac 5 bytes JMP 0000000073f16af0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077e607f4 5 bytes JMP 0000000073f1bb90 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077e60884 5 bytes JMP 0000000073f16d10 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077e6089c 5 bytes JMP 0000000073f1ae80 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e608b4 5 bytes JMP 0000000073f1a5d0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e60e04 5 bytes JMP 0000000073f17df0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077e60ee8 5 bytes JMP 0000000073f18200 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e61bf4 5 bytes JMP 0000000073f17ff0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077e61cc4 5 bytes JMP 0000000073f1aa60 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077e61d9c 5 bytes JMP 0000000073f185e0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e7d2f6 7 bytes JMP 0000000073f22cd0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000774c3bbb 5 bytes JMP 0000000073ceedf0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000774c9abc 2 bytes JMP 0000000073f0efe0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW + 3 00000000774c9abf 2 bytes [A4, FC] .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\kernel32.dll!CopyFileExW 00000000774d3b7a 7 bytes JMP 0000000073f0fba0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 00000000774dcd11 5 bytes JMP 0000000073f0ecd0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007752ddde 7 bytes JMP 0000000073f0f210 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007752de81 7 bytes JMP 0000000073f0f520 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000779df8a7 5 bytes JMP 0000000073f22cb0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 00000000779dfcda 5 bytes JMP 0000000073f16400 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 00000000779e2e0b 4 bytes CALL 6d3a0000 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075b58332 5 bytes JMP 0000000073f23de0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075b58bff 5 bytes JMP 0000000073f24750 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 0000000075b590d3 7 bytes JMP 0000000073f23800 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075b59679 5 bytes JMP 0000000073f24c40 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000075b597d2 5 bytes JMP 0000000073f251a0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!SetWinEventHook 0000000075b5ee21 5 bytes JMP 0000000073f239d0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!RegisterHotKey 0000000075b5efe1 5 bytes JMP 0000000073f278d0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!SetThreadDesktop 0000000075b602ae 5 bytes JMP 0000000073cf1480 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!PostMessageW 0000000075b612bd 5 bytes JMP 0000000073f24260 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!GetKeyState 0000000075b62797 5 bytes JMP 0000000073f26860 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!MoveWindow 0000000075b63ef0 5 bytes JMP 0000000073f26f10 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!SetParent 0000000075b645cc 5 bytes JMP 0000000073f27130 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075b6460c 5 bytes JMP 0000000073f27af0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075b64713 5 bytes JMP 0000000073f26ad0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!GetKeyboardState 0000000075b647e5 5 bytes JMP 0000000073f265c0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075b64bbc 1 byte JMP 0000000073f23fc0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!PostMessageA + 2 0000000075b64bbe 3 bytes {JMP 0xfffffffffe3bf404} .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075b64d1d 5 bytes JMP 0000000073f24500 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075b671e0 5 bytes JMP 0000000073f23c00 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!SendMessageA 0000000075b671fe 5 bytes JMP 0000000073f249a0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075b67d59 7 bytes JMP 0000000073f23620 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075b681f5 5 bytes JMP 0000000073f23300 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075b6825a 5 bytes JMP 0000000073f25c30 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 0000000075b682d2 5 bytes JMP 0000000073f25700 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075b68411 5 bytes JMP 0000000073f24ee0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075b68f4c 5 bytes JMP 0000000073f23040 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!SetClipboardViewer 0000000075b6cc1e 5 bytes JMP 0000000073f27320 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!ClipCursor 0000000075b6f2b3 5 bytes JMP 0000000073f27f00 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075b7a072 5 bytes JMP 0000000073f25ec0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075b7dbf5 5 bytes JMP 0000000073f26110 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!SendInput 0000000075b7ff2a 5 bytes JMP 0000000073cf1810 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!SetClipboardData 0000000075b98e6f 5 bytes JMP 0000000073cf1b80 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!SwitchDesktop 0000000075b998b5 5 bytes JMP 0000000073f28160 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075b99fa4 5 bytes JMP 0000000073cf1c10 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!ExitWindowsEx 0000000075ba1533 5 bytes JMP 0000000073f27d20 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!SetSystemCursor 0000000075bb0299 5 bytes JMP 0000000073f28300 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!mouse_event 0000000075bb030f 5 bytes JMP 0000000073cf1a80 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!keybd_event 0000000075bb0353 5 bytes JMP 0000000073cf19a0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075bb6d94 5 bytes JMP 0000000073f25460 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075bb6df5 5 bytes JMP 0000000073f259a0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!BlockInput 0000000075bb7e6f 5 bytes JMP 0000000073f274f0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!PrintWindow 0000000075bb88c3 5 bytes JMP 0000000073cebcc0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075bb8983 5 bytes JMP 0000000073f26d30 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\GDI32.dll!DeleteDC 00000000757c58b3 5 bytes JMP 0000000073cebdc0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\GDI32.dll!BitBlt 00000000757c5ea5 5 bytes JMP 0000000073cea4d0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\GDI32.dll!CreateDCA 00000000757c7bb4 5 bytes JMP 0000000073cea200 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\GDI32.dll!GetPixel 00000000757ca854 5 bytes JMP 0000000073cebaf0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\GDI32.dll!StretchBlt 00000000757cac45 5 bytes JMP 0000000073cea870 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\GDI32.dll!GdiTransparentBlt 00000000757caf54 5 bytes JMP 0000000073ceb390 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\GDI32.dll!MaskBlt 00000000757cbdd9 5 bytes JMP 0000000073ceac20 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\GDI32.dll!CreateDCW 00000000757cd7fd 5 bytes JMP 0000000073cea3b0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\GDI32.dll!GdiAlphaBlend 00000000757de524 5 bytes JMP 0000000073ceb740 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\GDI32.dll!PlgBlt 00000000757f4b42 5 bytes JMP 0000000073ceafe0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000759b9c3b 5 bytes JMP 0000000073f1c2e0 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c41401 2 bytes JMP 774db233 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c41419 2 bytes JMP 774db35e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c41431 2 bytes JMP 77559149 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c4144a 2 bytes CALL 774b4885 C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c414dd 2 bytes JMP 77558a42 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c414f5 2 bytes JMP 77558c18 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c4150d 2 bytes JMP 77558938 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c41525 2 bytes JMP 77558d02 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c4153d 2 bytes JMP 774cfcc0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c41555 2 bytes JMP 774d6907 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c4156d 2 bytes JMP 77559201 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c41585 2 bytes JMP 77558d62 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c4159d 2 bytes JMP 775588fc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c415b5 2 bytes JMP 774cfd59 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c415cd 2 bytes JMP 774db2f4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c416b2 2 bytes JMP 775590c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe[4756] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c416bd 2 bytes JMP 77558891 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[1800] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[1800] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[1800] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[1800] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[1800] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[1800] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[1800] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[1800] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[1800] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[1800] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[1800] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[1800] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[1800] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[1800] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[1800] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[1800] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[1800] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[1800] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[1800] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[1800] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[1800] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[1800] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[1800] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[1800] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[1800] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[1800] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe[1800] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077e5f9f0 5 bytes JMP 0000000073f22e50 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077e5fb38 5 bytes JMP 0000000073f183f0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e5fcc0 5 bytes JMP 0000000073f17990 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077e5fd74 5 bytes JMP 0000000073f190a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077e5fdd8 5 bytes JMP 0000000073f18790 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077e5fed0 5 bytes JMP 0000000073f1abb0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077e5ff84 5 bytes JMP 0000000073f16c00 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077e5ffb4 5 bytes JMP 0000000073f189a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e60014 5 bytes JMP 0000000073f17550 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077e60094 5 bytes JMP 0000000073f177a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077e600c4 5 bytes JMP 0000000073f18d50 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077e603c8 5 bytes JMP 0000000073f1a0a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077e603e0 5 bytes JMP 0000000073f1b970 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077e60560 5 bytes JMP 0000000073f1b690 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077e606a4 5 bytes JMP 0000000073f17b80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077e60704 5 bytes JMP 0000000073f1ba80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e607ac 5 bytes JMP 0000000073f16af0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077e607f4 5 bytes JMP 0000000073f1bb90 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077e60884 5 bytes JMP 0000000073f16d10 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077e6089c 5 bytes JMP 0000000073f1ae80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e608b4 5 bytes JMP 0000000073f1a5d0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e60e04 5 bytes JMP 0000000073f17df0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077e60ee8 5 bytes JMP 0000000073f18200 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e61bf4 5 bytes JMP 0000000073f17ff0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077e61cc4 5 bytes JMP 0000000073f1aa60 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077e61d9c 5 bytes JMP 0000000073f185e0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e7d2f6 7 bytes JMP 0000000073f22cd0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\KERNEL32.dll!CreateProcessInternalW 00000000774c3bbb 5 bytes JMP 0000000073ceedf0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\KERNEL32.dll!MoveFileWithProgressW 00000000774c9abc 2 bytes JMP 0000000073f0efe0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\KERNEL32.dll!MoveFileWithProgressW + 3 00000000774c9abf 2 bytes [A4, FC] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\KERNEL32.dll!CopyFileExW 00000000774d3b7a 7 bytes JMP 0000000073f0fba0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\KERNEL32.dll!MoveFileWithProgressA 00000000774dcd11 5 bytes JMP 0000000073f0ecd0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\KERNEL32.dll!MoveFileTransactedA 000000007752ddde 7 bytes JMP 0000000073f0f210 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\KERNEL32.dll!MoveFileTransactedW 000000007752de81 7 bytes JMP 0000000073f0f520 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000779df8a7 5 bytes JMP 0000000073f22cb0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 00000000779dfcda 5 bytes JMP 0000000073f16400 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 00000000779e2e0b 4 bytes CALL 6d940000 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075b58332 5 bytes JMP 0000000073f23de0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075b58bff 5 bytes JMP 0000000073f24750 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 0000000075b590d3 7 bytes JMP 0000000073f23800 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075b59679 5 bytes JMP 0000000073f24c40 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000075b597d2 5 bytes JMP 0000000073f251a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!SetWinEventHook 0000000075b5ee21 5 bytes JMP 0000000073f239d0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!RegisterHotKey 0000000075b5efe1 5 bytes JMP 0000000073f278d0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!SetThreadDesktop 0000000075b602ae 5 bytes JMP 0000000073cf1480 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!PostMessageW 0000000075b612bd 5 bytes JMP 0000000073f24260 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!GetKeyState 0000000075b62797 5 bytes JMP 0000000073f26860 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!MoveWindow 0000000075b63ef0 5 bytes JMP 0000000073f26f10 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!SetParent 0000000075b645cc 5 bytes JMP 0000000073f27130 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075b6460c 5 bytes JMP 0000000073f27af0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075b64713 5 bytes JMP 0000000073f26ad0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!GetKeyboardState 0000000075b647e5 5 bytes JMP 0000000073f265c0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075b64bbc 1 byte JMP 0000000073f23fc0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!PostMessageA + 2 0000000075b64bbe 3 bytes {JMP 0xfffffffffe3bf404} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075b64d1d 5 bytes JMP 0000000073f24500 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075b671e0 5 bytes JMP 0000000073f23c00 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!SendMessageA 0000000075b671fe 5 bytes JMP 0000000073f249a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075b67d59 7 bytes JMP 0000000073f23620 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075b681f5 5 bytes JMP 0000000073f23300 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075b6825a 5 bytes JMP 0000000073f25c30 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 0000000075b682d2 5 bytes JMP 0000000073f25700 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075b68411 5 bytes JMP 0000000073f24ee0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075b68f4c 5 bytes JMP 0000000073f23040 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!SetClipboardViewer 0000000075b6cc1e 5 bytes JMP 0000000073f27320 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!ClipCursor 0000000075b6f2b3 5 bytes JMP 0000000073f27f00 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075b7a072 5 bytes JMP 0000000073f25ec0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075b7dbf5 5 bytes JMP 0000000073f26110 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!SendInput 0000000075b7ff2a 5 bytes JMP 0000000073cf1810 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!SetClipboardData 0000000075b98e6f 5 bytes JMP 0000000073cf1b80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!SwitchDesktop 0000000075b998b5 5 bytes JMP 0000000073f28160 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075b99fa4 5 bytes JMP 0000000073cf1c10 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!ExitWindowsEx 0000000075ba1533 5 bytes JMP 0000000073f27d20 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!SetSystemCursor 0000000075bb0299 5 bytes JMP 0000000073f28300 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!mouse_event 0000000075bb030f 5 bytes JMP 0000000073cf1a80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!keybd_event 0000000075bb0353 5 bytes JMP 0000000073cf19a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075bb6d94 5 bytes JMP 0000000073f25460 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075bb6df5 5 bytes JMP 0000000073f259a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!BlockInput 0000000075bb7e6f 5 bytes JMP 0000000073f274f0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!PrintWindow 0000000075bb88c3 5 bytes JMP 0000000073cebcc0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075bb8983 5 bytes JMP 0000000073f26d30 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\GDI32.dll!DeleteDC 00000000757c58b3 5 bytes JMP 0000000073cebdc0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\GDI32.dll!BitBlt 00000000757c5ea5 5 bytes JMP 0000000073cea4d0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\GDI32.dll!CreateDCA 00000000757c7bb4 5 bytes JMP 0000000073cea200 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\GDI32.dll!GetPixel 00000000757ca854 5 bytes JMP 0000000073cebaf0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\GDI32.dll!StretchBlt 00000000757cac45 5 bytes JMP 0000000073cea870 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\GDI32.dll!GdiTransparentBlt 00000000757caf54 5 bytes JMP 0000000073ceb390 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\GDI32.dll!MaskBlt 00000000757cbdd9 5 bytes JMP 0000000073ceac20 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\GDI32.dll!CreateDCW 00000000757cd7fd 5 bytes JMP 0000000073cea3b0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\GDI32.dll!GdiAlphaBlend 00000000757de524 5 bytes JMP 0000000073ceb740 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\GDI32.dll!PlgBlt 00000000757f4b42 5 bytes JMP 0000000073ceafe0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4880] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000759b9c3b 5 bytes JMP 0000000073f1c2e0 .text C:\windows\system32\svchost.exe[2788] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\windows\system32\svchost.exe[2788] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\windows\system32\svchost.exe[2788] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\windows\system32\svchost.exe[2788] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\windows\system32\svchost.exe[2788] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\windows\system32\svchost.exe[2788] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\windows\system32\svchost.exe[2788] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\windows\system32\svchost.exe[2788] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\windows\system32\svchost.exe[2788] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\windows\system32\svchost.exe[2788] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\windows\system32\svchost.exe[2788] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\windows\system32\svchost.exe[2788] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\windows\system32\svchost.exe[2788] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\windows\system32\svchost.exe[2788] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\windows\system32\svchost.exe[2788] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\windows\system32\svchost.exe[2788] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\windows\system32\svchost.exe[2788] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\windows\system32\svchost.exe[2788] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\windows\system32\svchost.exe[2788] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\windows\system32\svchost.exe[2788] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\windows\system32\svchost.exe[2788] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\windows\system32\svchost.exe[2788] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\windows\system32\svchost.exe[2788] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\windows\system32\svchost.exe[2788] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\windows\system32\svchost.exe[2788] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\windows\system32\svchost.exe[2788] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\windows\system32\svchost.exe[2788] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\windows\system32\svchost.exe[2788] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\windows\system32\svchost.exe[2788] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\windows\system32\svchost.exe[2788] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\windows\system32\svchost.exe[2788] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\windows\system32\svchost.exe[2788] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\windows\system32\svchost.exe[2788] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\windows\system32\svchost.exe[2788] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\windows\system32\svchost.exe[2788] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\windows\system32\svchost.exe[2788] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\windows\system32\svchost.exe[2788] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\windows\system32\svchost.exe[2788] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\windows\system32\svchost.exe[2788] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\windows\system32\svchost.exe[2788] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\windows\system32\svchost.exe[2788] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077e5f9f0 5 bytes JMP 0000000073f22e50 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077e5fb38 5 bytes JMP 0000000073f183f0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e5fcc0 5 bytes JMP 0000000073f17990 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077e5fd74 5 bytes JMP 0000000073f190a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077e5fdd8 5 bytes JMP 0000000073f18790 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077e5fed0 5 bytes JMP 0000000073f1abb0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077e5ff84 5 bytes JMP 0000000073f16c00 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077e5ffb4 5 bytes JMP 0000000073f189a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e60014 5 bytes JMP 0000000073f17550 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077e60094 5 bytes JMP 0000000073f177a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077e600c4 5 bytes JMP 0000000073f18d50 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077e603c8 5 bytes JMP 0000000073f1a0a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077e603e0 5 bytes JMP 0000000073f1b970 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077e60560 5 bytes JMP 0000000073f1b690 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077e606a4 5 bytes JMP 0000000073f17b80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077e60704 5 bytes JMP 0000000073f1ba80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e607ac 5 bytes JMP 0000000073f16af0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077e607f4 5 bytes JMP 0000000073f1bb90 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077e60884 5 bytes JMP 0000000073f16d10 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077e6089c 5 bytes JMP 0000000073f1ae80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e608b4 5 bytes JMP 0000000073f1a5d0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e60e04 5 bytes JMP 0000000073f17df0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077e60ee8 5 bytes JMP 0000000073f18200 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e61bf4 5 bytes JMP 0000000073f17ff0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077e61cc4 5 bytes JMP 0000000073f1aa60 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077e61d9c 5 bytes JMP 0000000073f185e0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e7d2f6 7 bytes JMP 0000000073f22cd0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\KERNEL32.dll!CreateProcessInternalW 00000000774c3bbb 5 bytes JMP 0000000073ceedf0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\KERNEL32.dll!MoveFileWithProgressW 00000000774c9abc 2 bytes JMP 0000000073f0efe0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\KERNEL32.dll!MoveFileWithProgressW + 3 00000000774c9abf 2 bytes [A4, FC] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\KERNEL32.dll!CopyFileExW 00000000774d3b7a 7 bytes JMP 0000000073f0fba0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\KERNEL32.dll!MoveFileWithProgressA 00000000774dcd11 5 bytes JMP 0000000073f0ecd0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\KERNEL32.dll!MoveFileTransactedA 000000007752ddde 7 bytes JMP 0000000073f0f210 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\KERNEL32.dll!MoveFileTransactedW 000000007752de81 7 bytes JMP 0000000073f0f520 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000779df8a7 5 bytes JMP 0000000073f22cb0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 00000000779dfcda 5 bytes JMP 0000000073f16400 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 00000000779e2e0b 4 bytes CALL 6d190000 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075b58332 5 bytes JMP 0000000073f23de0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075b58bff 5 bytes JMP 0000000073f24750 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 0000000075b590d3 7 bytes JMP 0000000073f23800 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075b59679 5 bytes JMP 0000000073f24c40 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000075b597d2 5 bytes JMP 0000000073f251a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!SetWinEventHook 0000000075b5ee21 5 bytes JMP 0000000073f239d0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!RegisterHotKey 0000000075b5efe1 5 bytes JMP 0000000073f278d0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!SetThreadDesktop 0000000075b602ae 5 bytes JMP 0000000073cf1480 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!PostMessageW 0000000075b612bd 5 bytes JMP 0000000073f24260 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!GetKeyState 0000000075b62797 5 bytes JMP 0000000073f26860 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!MoveWindow 0000000075b63ef0 5 bytes JMP 0000000073f26f10 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!SetParent 0000000075b645cc 5 bytes JMP 0000000073f27130 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075b6460c 5 bytes JMP 0000000073f27af0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075b64713 5 bytes JMP 0000000073f26ad0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!GetKeyboardState 0000000075b647e5 5 bytes JMP 0000000073f265c0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075b64bbc 1 byte JMP 0000000073f23fc0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!PostMessageA + 2 0000000075b64bbe 3 bytes {JMP 0xfffffffffe3bf404} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075b64d1d 5 bytes JMP 0000000073f24500 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075b671e0 5 bytes JMP 0000000073f23c00 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!SendMessageA 0000000075b671fe 5 bytes JMP 0000000073f249a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075b67d59 7 bytes JMP 0000000073f23620 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075b681f5 5 bytes JMP 0000000073f23300 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075b6825a 5 bytes JMP 0000000073f25c30 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 0000000075b682d2 5 bytes JMP 0000000073f25700 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075b68411 5 bytes JMP 0000000073f24ee0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075b68f4c 5 bytes JMP 0000000073f23040 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!SetClipboardViewer 0000000075b6cc1e 5 bytes JMP 0000000073f27320 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!ClipCursor 0000000075b6f2b3 5 bytes JMP 0000000073f27f00 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075b7a072 5 bytes JMP 0000000073f25ec0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075b7dbf5 5 bytes JMP 0000000073f26110 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!SendInput 0000000075b7ff2a 5 bytes JMP 0000000073cf1810 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!SetClipboardData 0000000075b98e6f 5 bytes JMP 0000000073cf1b80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!SwitchDesktop 0000000075b998b5 5 bytes JMP 0000000073f28160 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075b99fa4 5 bytes JMP 0000000073cf1c10 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!ExitWindowsEx 0000000075ba1533 5 bytes JMP 0000000073f27d20 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!SetSystemCursor 0000000075bb0299 5 bytes JMP 0000000073f28300 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!mouse_event 0000000075bb030f 5 bytes JMP 0000000073cf1a80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!keybd_event 0000000075bb0353 5 bytes JMP 0000000073cf19a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075bb6d94 5 bytes JMP 0000000073f25460 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075bb6df5 5 bytes JMP 0000000073f259a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!BlockInput 0000000075bb7e6f 5 bytes JMP 0000000073f274f0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!PrintWindow 0000000075bb88c3 5 bytes JMP 0000000073cebcc0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075bb8983 5 bytes JMP 0000000073f26d30 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\GDI32.dll!DeleteDC 00000000757c58b3 5 bytes JMP 0000000073cebdc0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\GDI32.dll!BitBlt 00000000757c5ea5 5 bytes JMP 0000000073cea4d0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\GDI32.dll!CreateDCA 00000000757c7bb4 5 bytes JMP 0000000073cea200 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\GDI32.dll!GetPixel 00000000757ca854 5 bytes JMP 0000000073cebaf0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\GDI32.dll!StretchBlt 00000000757cac45 5 bytes JMP 0000000073cea870 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\GDI32.dll!GdiTransparentBlt 00000000757caf54 5 bytes JMP 0000000073ceb390 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\GDI32.dll!MaskBlt 00000000757cbdd9 5 bytes JMP 0000000073ceac20 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\GDI32.dll!CreateDCW 00000000757cd7fd 5 bytes JMP 0000000073cea3b0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\GDI32.dll!GdiAlphaBlend 00000000757de524 5 bytes JMP 0000000073ceb740 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\GDI32.dll!PlgBlt 00000000757f4b42 5 bytes JMP 0000000073ceafe0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c41401 2 bytes JMP 774db233 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c41419 2 bytes JMP 774db35e C:\windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c41431 2 bytes JMP 77559149 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c4144a 2 bytes CALL 774b4885 C:\windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c414dd 2 bytes JMP 77558a42 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c414f5 2 bytes JMP 77558c18 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c4150d 2 bytes JMP 77558938 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c41525 2 bytes JMP 77558d02 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c4153d 2 bytes JMP 774cfcc0 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c41555 2 bytes JMP 774d6907 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c4156d 2 bytes JMP 77559201 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c41585 2 bytes JMP 77558d62 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c4159d 2 bytes JMP 775588fc C:\windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c415b5 2 bytes JMP 774cfd59 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c415cd 2 bytes JMP 774db2f4 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c416b2 2 bytes JMP 775590c4 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3920] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c416bd 2 bytes JMP 77558891 C:\windows\syswow64\KERNEL32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\system32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdce02d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdce0148 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdce0260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdce01b8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdce0110 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdce00d8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdce0298 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdce0180 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdce01f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1328] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdce0228 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\system32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007fefdd002d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\system32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007fefdd00148 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\system32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007fefdd00260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\system32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007fefdd001b8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\system32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007fefdd00110 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\system32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007fefdd000d8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\system32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007fefdd00298 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\system32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007fefdd00180 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\system32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007fefdd001f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4032] C:\windows\system32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007fefdd00228 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077c82280 5 bytes JMP 0000000037ca01d8 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077cabe20 8 bytes JMP 0000000037ca0178 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077cabef0 8 bytes JMP 0000000037ca1d98 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077cabff0 8 bytes JMP 0000000037ca1978 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077cac060 8 bytes JMP 0000000037ca1c18 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077cac0a0 8 bytes JMP 0000000037ca1b58 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077cac140 8 bytes JMP 0000000037ca1c78 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077cac1b0 8 bytes JMP 0000000037ca1678 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077cac1d0 8 bytes JMP 0000000037ca1af8 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077cac210 8 bytes JMP 0000000037ca17f8 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077cac260 8 bytes JMP 0000000037ca1858 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077cac280 8 bytes JMP 0000000037ca1bb8 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077cac470 8 bytes JMP 0000000037ca1e58 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077cac480 8 bytes JMP 0000000037ca15b8 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077cac580 8 bytes JMP 0000000037ca1558 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077cac650 8 bytes JMP 0000000037ca19d8 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077cac690 8 bytes JMP 0000000037ca16d8 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077cac700 8 bytes JMP 0000000037ca1618 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077cac730 8 bytes JMP 0000000037ca1798 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077cac790 8 bytes JMP 0000000037ca1738 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077cac7a0 8 bytes JMP 0000000037ca1cd8 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cac7b0 8 bytes JMP 0000000037ca1df8 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077cacb20 8 bytes JMP 0000000037ca1a38 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077cacbb0 8 bytes JMP 0000000037ca1d38 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077cad420 8 bytes JMP 0000000037ca1a98 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077cad4a0 8 bytes JMP 0000000037ca18b8 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077cad520 8 bytes JMP 0000000037ca1918 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\System32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc33a50 7 bytes JMP 000007febd590238 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\System32\KERNELBASE.dll!DefineDosDeviceW 000007fefdc5ff00 5 bytes JMP 000007febd590298 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\System32\GDI32.dll!DeleteDC 000007fefdd122f0 5 bytes JMP 000007febd590538 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\System32\GDI32.dll!BitBlt 000007fefdd123a0 5 bytes JMP 000007febd590598 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\System32\GDI32.dll!GdiAlphaBlend 000007fefdd13e40 5 bytes JMP 000007febd5904d8 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\System32\GDI32.dll!MaskBlt 000007fefdd17534 5 bytes JMP 000007febd5905f8 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\System32\GDI32.dll!CreateDCW 000007fefdd181b4 9 bytes JMP 000007febd5903b8 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\System32\GDI32.dll!CreateDCA 000007fefdd187f4 9 bytes JMP 000007febd590358 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\System32\GDI32.dll!GetPixel 000007fefdd18d4c 5 bytes JMP 000007febd590418 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\System32\GDI32.dll!StretchBlt 000007fefdd1baa4 5 bytes JMP 000007febd5906b8 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\System32\GDI32.dll!PlgBlt 000007fefdd1c7a0 5 bytes JMP 000007febd590658 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\System32\GDI32.dll!GdiTransparentBlt 000007fefdd252e0 5 bytes JMP 000007febd590478 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\System32\ole32.dll!CoCreateInstance 000007fefdfb3600 1 byte JMP 000007febd5902f8 .text C:\windows\system32\AUDIODG.EXE[1272] C:\windows\System32\ole32.dll!CoCreateInstance + 2 000007fefdfb3602 4 bytes {JMP 0xffffffffbf5dccf8} .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077e5f9f0 5 bytes JMP 0000000073f22e50 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077e5fb38 5 bytes JMP 0000000073f183f0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e5fcc0 5 bytes JMP 0000000073f17990 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077e5fd74 5 bytes JMP 0000000073f190a0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077e5fdd8 5 bytes JMP 0000000073f18790 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077e5fed0 5 bytes JMP 0000000073f1abb0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077e5ff84 5 bytes JMP 0000000073f16c00 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077e5ffb4 5 bytes JMP 0000000073f189a0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e60014 5 bytes JMP 0000000073f17550 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077e60094 5 bytes JMP 0000000073f177a0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077e600c4 5 bytes JMP 0000000073f18d50 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077e603c8 5 bytes JMP 0000000073f1a0a0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077e603e0 5 bytes JMP 0000000073f1b970 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077e60560 5 bytes JMP 0000000073f1b690 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077e606a4 5 bytes JMP 0000000073f17b80 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077e60704 5 bytes JMP 0000000073f1ba80 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e607ac 5 bytes JMP 0000000073f16af0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077e607f4 5 bytes JMP 0000000073f1bb90 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077e60884 5 bytes JMP 0000000073f16d10 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077e6089c 5 bytes JMP 0000000073f1ae80 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e608b4 5 bytes JMP 0000000073f1a5d0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e60e04 5 bytes JMP 0000000073f17df0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077e60ee8 5 bytes JMP 0000000073f18200 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e61bf4 5 bytes JMP 0000000073f17ff0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077e61cc4 5 bytes JMP 0000000073f1aa60 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077e61d9c 5 bytes JMP 0000000073f185e0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077e7d2f6 7 bytes JMP 0000000073f22cd0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000774c3bbb 5 bytes JMP 0000000073ceedf0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000774c9abc 2 bytes JMP 0000000073f0efe0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW + 3 00000000774c9abf 2 bytes [A4, FC] .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\kernel32.dll!CopyFileExW 00000000774d3b7a 7 bytes JMP 0000000073f0fba0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 00000000774dcd11 5 bytes JMP 0000000073f0ecd0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007752ddde 7 bytes JMP 0000000073f0f210 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007752de81 7 bytes JMP 0000000073f0f520 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000779df8a7 5 bytes JMP 0000000073f22cb0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 00000000779dfcda 5 bytes JMP 0000000073f16400 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 00000000779e2e0b 4 bytes CALL 710a0000 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075b58332 5 bytes JMP 0000000073f23de0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075b58bff 5 bytes JMP 0000000073f24750 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 0000000075b590d3 7 bytes JMP 0000000073f23800 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075b59679 5 bytes JMP 0000000073f24c40 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000075b597d2 5 bytes JMP 0000000073f251a0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!SetWinEventHook 0000000075b5ee21 5 bytes JMP 0000000073f239d0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!RegisterHotKey 0000000075b5efe1 5 bytes JMP 0000000073f278d0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!SetThreadDesktop 0000000075b602ae 5 bytes JMP 0000000073cf1480 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!PostMessageW 0000000075b612bd 5 bytes JMP 0000000073f24260 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!GetKeyState 0000000075b62797 5 bytes JMP 0000000073f26860 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!MoveWindow 0000000075b63ef0 5 bytes JMP 0000000073f26f10 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!SetParent 0000000075b645cc 5 bytes JMP 0000000073f27130 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075b6460c 5 bytes JMP 0000000073f27af0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075b64713 5 bytes JMP 0000000073f26ad0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!GetKeyboardState 0000000075b647e5 5 bytes JMP 0000000073f265c0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075b64bbc 1 byte JMP 0000000073f23fc0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!PostMessageA + 2 0000000075b64bbe 3 bytes {JMP 0xfffffffffe3bf404} .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075b64d1d 5 bytes JMP 0000000073f24500 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075b671e0 5 bytes JMP 0000000073f23c00 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!SendMessageA 0000000075b671fe 5 bytes JMP 0000000073f249a0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075b67d59 7 bytes JMP 0000000073f23620 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075b681f5 5 bytes JMP 0000000073f23300 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075b6825a 5 bytes JMP 0000000073f25c30 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 0000000075b682d2 5 bytes JMP 0000000073f25700 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075b68411 5 bytes JMP 0000000073f24ee0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075b68f4c 5 bytes JMP 0000000073f23040 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!SetClipboardViewer 0000000075b6cc1e 5 bytes JMP 0000000073f27320 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!ClipCursor 0000000075b6f2b3 5 bytes JMP 0000000073f27f00 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075b7a072 5 bytes JMP 0000000073f25ec0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075b7dbf5 5 bytes JMP 0000000073f26110 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!SendInput 0000000075b7ff2a 5 bytes JMP 0000000073cf1810 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!SetClipboardData 0000000075b98e6f 5 bytes JMP 0000000073cf1b80 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!SwitchDesktop 0000000075b998b5 5 bytes JMP 0000000073f28160 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075b99fa4 5 bytes JMP 0000000073cf1c10 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!ExitWindowsEx 0000000075ba1533 5 bytes JMP 0000000073f27d20 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!SetSystemCursor 0000000075bb0299 5 bytes JMP 0000000073f28300 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!mouse_event 0000000075bb030f 5 bytes JMP 0000000073cf1a80 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!keybd_event 0000000075bb0353 5 bytes JMP 0000000073cf19a0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075bb6d94 5 bytes JMP 0000000073f25460 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075bb6df5 5 bytes JMP 0000000073f259a0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!BlockInput 0000000075bb7e6f 5 bytes JMP 0000000073f274f0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!PrintWindow 0000000075bb88c3 5 bytes JMP 0000000073cebcc0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075bb8983 5 bytes JMP 0000000073f26d30 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\GDI32.dll!DeleteDC 00000000757c58b3 5 bytes JMP 0000000073cebdc0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\GDI32.dll!BitBlt 00000000757c5ea5 5 bytes JMP 0000000073cea4d0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\GDI32.dll!CreateDCA 00000000757c7bb4 5 bytes JMP 0000000073cea200 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\GDI32.dll!GetPixel 00000000757ca854 5 bytes JMP 0000000073cebaf0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\GDI32.dll!StretchBlt 00000000757cac45 5 bytes JMP 0000000073cea870 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\GDI32.dll!GdiTransparentBlt 00000000757caf54 5 bytes JMP 0000000073ceb390 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\GDI32.dll!MaskBlt 00000000757cbdd9 5 bytes JMP 0000000073ceac20 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\GDI32.dll!CreateDCW 00000000757cd7fd 5 bytes JMP 0000000073cea3b0 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\GDI32.dll!GdiAlphaBlend 00000000757de524 5 bytes JMP 0000000073ceb740 .text C:\Users\IZA\Desktop\GMER\j9n9hutv.exe[4568] C:\windows\syswow64\GDI32.dll!PlgBlt 00000000757f4b42 5 bytes JMP 0000000073ceafe0 ---- Threads - GMER 2.2 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4900:1980] 000007fefb942ae8 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4900:2080] 000007fee9048a28 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4900:4968] 000007fefa315124 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4900:948] 000007fee8fad668 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4900:4708] 000007fee9048a28 Thread C:\windows\SysWOW64\ntdll.dll [3260:4044] 000000000134cef6 Thread C:\windows\SysWOW64\ntdll.dll [3260:2276] 000000000134e61f ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e599a42e Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e599a42e@d45d42a24eb0 0x05 0xEB 0x19 0xFA ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e599a42e@b0c4e7b3e052 0x53 0xF7 0x61 0x66 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e599a42e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e599a42e@d45d42a24eb0 0x05 0xEB 0x19 0xFA ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e599a42e@b0c4e7b3e052 0x53 0xF7 0x61 0x66 ... ---- EOF - GMER 2.2 ----