GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-05-05 11:47:21 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD5000BPKX-75HPJT0 rev.01.01A01 465,76GB Running: 3f3dkhuz.exe; Driver: C:\Users\TOMEK\AppData\Local\Temp\kwddykog.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007711bde0 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007711bfe0 8 bytes JMP 000000006fff0110 .text C:\Windows\system32\csrss.exe[576] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 000000006fff0148 .text C:\Windows\system32\csrss.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007711bde0 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\csrss.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007711bfe0 8 bytes JMP 000000006fff0110 .text C:\Windows\system32\csrss.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 000000006fff0148 .text C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fb2b60 13 bytes JMP 0000000037110418 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076fc1870 5 bytes JMP 0000000037110298 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fcdd20 5 bytes JMP 0000000037110238 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007703f6e0 8 bytes JMP 0000000037110598 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007703f710 5 bytes JMP 00000000371104d8 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\kernel32.dll!MoveFileW 000000007703f7e0 10 bytes JMP 0000000037110358 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007703f8e0 8 bytes JMP 0000000037110538 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007703f910 10 bytes JMP 00000000371103b8 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\kernel32.dll!MoveFileA 000000007703f940 10 bytes JMP 00000000371102f8 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077045730 5 bytes JMP 0000000037110478 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefe5f2930 5 bytes JMP 000007febcc40358 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000076eb5330 7 bytes JMP 0000000037111498 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000076eb6ea0 8 bytes JMP 0000000037111018 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!SystemParametersInfoA 0000000076eb80e4 7 bytes JMP 00000000371112b8 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!SetParent 0000000076eb8480 8 bytes JMP 0000000037111078 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000076eb9b10 6 bytes JMP 00000000371107d8 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!PostMessageA 0000000076eba354 5 bytes JMP 0000000037110958 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!EnableWindow 0000000076ebaa00 9 bytes JMP 0000000037111378 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!MoveWindow 0000000076ebaa30 8 bytes JMP 00000000371110d8 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 0000000076ebb474 6 bytes JMP 0000000037110898 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!GetAsyncKeyState 0000000076ebc63c 5 bytes JMP 0000000037110fb8 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!RegisterHotKey 0000000076ebcc90 8 bytes JMP 0000000037111258 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!PostThreadMessageA 0000000076ebd204 5 bytes JMP 0000000037110a18 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!SendMessageA 0000000076ebd290 5 bytes JMP 0000000037110ad8 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!SendNotifyMessageW 0000000076ebdbc0 9 bytes JMP 0000000037110d78 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!SystemParametersInfoW 0000000076ebf490 7 bytes JMP 0000000037111318 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!SetWindowsHookExW 0000000076ebf804 9 bytes JMP 0000000037110718 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 0000000076ebfa50 9 bytes JMP 0000000037110bf8 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000076ec0b14 10 bytes JMP 0000000037110a78 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!SetWindowLongW 0000000076ec3340 8 bytes JMP 0000000037110838 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000076ec4ccc 5 bytes JMP 0000000037110778 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!GetKeyState 0000000076ec4f80 3 bytes JMP 0000000037110f58 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!GetKeyState + 4 0000000076ec4f84 1 byte [C0] .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!SendMessageCallbackW 0000000076ec53d0 7 bytes JMP 0000000037110cb8 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!SendMessageW 0000000076ec6b04 3 bytes JMP 0000000037110b38 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!SendMessageW + 4 0000000076ec6b08 1 byte [C0] .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 0000000076ec76ac 8 bytes JMP 00000000371108f8 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!PostMessageW 0000000076ec76d4 7 bytes JMP 00000000371109b8 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 0000000076ecdd9c 3 bytes JMP 0000000037110e38 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!SendDlgItemMessageW + 4 0000000076ecdda0 1 byte [C0] .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!GetClipboardData 0000000076ece854 3 bytes JMP 00000000371111f8 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!GetClipboardData + 4 0000000076ece858 1 byte [C0] .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!SetClipboardViewer 0000000076ecf780 8 bytes JMP 0000000037111138 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!SendNotifyMessageA 0000000076ed28d4 12 bytes JMP 0000000037110d18 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!mouse_event 0000000076ed3874 7 bytes JMP 0000000037110658 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!GetKeyboardState 0000000076ed89c0 8 bytes JMP 0000000037110ef8 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000076ed8b88 12 bytes JMP 0000000037110b98 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000076ed8bd0 12 bytes JMP 00000000371106b8 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!SendInput 0000000076ed8c90 8 bytes JMP 0000000037110e98 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!BlockInput 0000000076edad10 8 bytes JMP 0000000037111198 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!ClipCursor 0000000076edad60 8 bytes JMP 0000000037111438 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!ExitWindowsEx 0000000076f01534 5 bytes JMP 00000000371113d8 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!SetSystemCursor 0000000076f245b0 5 bytes JMP 00000000371114f8 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!keybd_event 0000000076f24610 7 bytes JMP 00000000371105f8 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 0000000076f2cc7c 5 bytes JMP 0000000037110dd8 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\USER32.dll!SendMessageCallbackA 0000000076f2df8c 7 bytes JMP 0000000037110c58 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40598 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc405f8 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc40538 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc40658 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc40418 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc403b8 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40478 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc40718 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc406b8 .text C:\Windows\system32\services.exe[692] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc404d8 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\system32\lsass.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\system32\lsass.exe[724] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\system32\lsass.exe[724] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\system32\lsass.exe[724] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\system32\lsass.exe[724] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\system32\lsass.exe[724] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\system32\lsass.exe[724] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\system32\lsass.exe[724] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\system32\lsass.exe[724] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\system32\lsass.exe[724] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\system32\lsass.exe[724] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\system32\lsass.exe[724] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\system32\lsass.exe[724] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\system32\lsm.exe[732] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\system32\lsm.exe[732] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\system32\lsm.exe[732] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\system32\lsm.exe[732] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\system32\lsm.exe[732] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\system32\lsm.exe[732] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\system32\lsm.exe[732] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\system32\lsm.exe[732] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\system32\lsm.exe[732] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\system32\lsm.exe[732] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\system32\lsm.exe[732] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\system32\lsm.exe[732] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\system32\lsm.exe[732] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\system32\svchost.exe[840] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\system32\svchost.exe[840] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\system32\svchost.exe[840] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefe5f2930 5 bytes JMP 000007febcc40358 .text C:\Windows\system32\svchost.exe[840] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40598 .text C:\Windows\system32\svchost.exe[840] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc405f8 .text C:\Windows\system32\svchost.exe[840] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc40538 .text C:\Windows\system32\svchost.exe[840] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc40658 .text C:\Windows\system32\svchost.exe[840] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc40418 .text C:\Windows\system32\svchost.exe[840] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc403b8 .text C:\Windows\system32\svchost.exe[840] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40478 .text C:\Windows\system32\svchost.exe[840] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc40718 .text C:\Windows\system32\svchost.exe[840] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc406b8 .text C:\Windows\system32\svchost.exe[840] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc404d8 .text C:\Windows\system32\svchost.exe[840] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\system32\svchost.exe[964] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\system32\svchost.exe[964] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\system32\svchost.exe[964] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\system32\svchost.exe[964] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefe5f2930 5 bytes JMP 000007febcc40358 .text C:\Windows\system32\svchost.exe[964] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40598 .text C:\Windows\system32\svchost.exe[964] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc405f8 .text C:\Windows\system32\svchost.exe[964] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc40538 .text C:\Windows\system32\svchost.exe[964] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc40658 .text C:\Windows\system32\svchost.exe[964] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc40418 .text C:\Windows\system32\svchost.exe[964] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc403b8 .text C:\Windows\system32\svchost.exe[964] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40478 .text C:\Windows\system32\svchost.exe[964] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc40718 .text C:\Windows\system32\svchost.exe[964] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc406b8 .text C:\Windows\system32\svchost.exe[964] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc404d8 .text C:\Windows\system32\svchost.exe[964] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\system32\svchost.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\system32\svchost.exe[784] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fb2b60 13 bytes JMP 0000000037110418 .text C:\Windows\system32\svchost.exe[784] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076fc1870 5 bytes JMP 0000000037110298 .text C:\Windows\system32\svchost.exe[784] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fcdd20 5 bytes JMP 0000000037110238 .text C:\Windows\system32\svchost.exe[784] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007703f6e0 8 bytes JMP 0000000037110598 .text C:\Windows\system32\svchost.exe[784] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007703f710 5 bytes JMP 00000000371104d8 .text C:\Windows\system32\svchost.exe[784] C:\Windows\system32\kernel32.dll!MoveFileW 000000007703f7e0 10 bytes JMP 0000000037110358 .text C:\Windows\system32\svchost.exe[784] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007703f8e0 8 bytes JMP 0000000037110538 .text C:\Windows\system32\svchost.exe[784] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007703f910 10 bytes JMP 00000000371103b8 .text C:\Windows\system32\svchost.exe[784] C:\Windows\system32\kernel32.dll!MoveFileA 000000007703f940 10 bytes JMP 00000000371102f8 .text C:\Windows\system32\svchost.exe[784] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077045730 5 bytes JMP 0000000037110478 .text C:\Windows\system32\svchost.exe[784] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\system32\svchost.exe[784] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\system32\svchost.exe[784] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\system32\svchost.exe[784] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\system32\svchost.exe[784] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\system32\svchost.exe[784] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\system32\svchost.exe[784] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\system32\svchost.exe[784] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\system32\svchost.exe[784] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\system32\svchost.exe[784] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\system32\svchost.exe[784] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\system32\svchost.exe[784] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\system32\svchost.exe[784] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\System32\svchost.exe[428] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\System32\svchost.exe[428] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\System32\svchost.exe[428] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\System32\svchost.exe[428] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\System32\svchost.exe[428] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\System32\svchost.exe[428] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\System32\svchost.exe[428] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\System32\svchost.exe[428] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\System32\svchost.exe[428] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\System32\svchost.exe[428] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\System32\svchost.exe[428] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\System32\svchost.exe[428] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\System32\svchost.exe[428] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\System32\svchost.exe[428] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fb2b60 13 bytes JMP 0000000037110418 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076fc1870 5 bytes JMP 0000000037110298 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fcdd20 5 bytes JMP 0000000037110238 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007703f6e0 8 bytes JMP 0000000037110598 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007703f710 5 bytes JMP 00000000371104d8 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\system32\kernel32.dll!MoveFileW 000000007703f7e0 10 bytes JMP 0000000037110358 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007703f8e0 8 bytes JMP 0000000037110538 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007703f910 10 bytes JMP 00000000371103b8 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\system32\kernel32.dll!MoveFileA 000000007703f940 10 bytes JMP 00000000371102f8 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077045730 5 bytes JMP 0000000037110478 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\System32\svchost.exe[1052] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fb2b60 13 bytes JMP 0000000037110418 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076fc1870 5 bytes JMP 0000000037110298 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fcdd20 5 bytes JMP 0000000037110238 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007703f6e0 8 bytes JMP 0000000037110598 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007703f710 5 bytes JMP 00000000371104d8 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\kernel32.dll!MoveFileW 000000007703f7e0 10 bytes JMP 0000000037110358 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007703f8e0 8 bytes JMP 0000000037110538 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007703f910 10 bytes JMP 00000000371103b8 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\kernel32.dll!MoveFileA 000000007703f940 10 bytes JMP 00000000371102f8 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077045730 5 bytes JMP 0000000037110478 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefe5f2930 5 bytes JMP 000007febcc40358 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40598 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc405f8 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc40538 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc40658 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc40418 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc403b8 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40478 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc40718 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc406b8 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc404d8 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\System32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\System32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\System32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\System32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\System32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\System32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\System32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\System32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\System32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\System32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\System32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\System32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\system32\AUDIODG.EXE[1180] C:\Windows\System32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\system32\svchost.exe[1224] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fb2b60 13 bytes JMP 0000000037110418 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076fc1870 5 bytes JMP 0000000037110298 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fcdd20 5 bytes JMP 0000000037110238 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007703f6e0 8 bytes JMP 0000000037110598 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007703f710 5 bytes JMP 00000000371104d8 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\system32\kernel32.dll!MoveFileW 000000007703f7e0 10 bytes JMP 0000000037110358 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007703f8e0 8 bytes JMP 0000000037110538 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007703f910 10 bytes JMP 00000000371103b8 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\system32\kernel32.dll!MoveFileA 000000007703f940 10 bytes JMP 00000000371102f8 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077045730 5 bytes JMP 0000000037110478 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\System32\WLTRYSVC.EXE[1536] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\system32\WLANExt.exe[1548] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\system32\conhost.exe[1560] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\system32\KERNEL32.dll!MoveFileExW 0000000076fb2b60 13 bytes JMP 0000000037110418 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\system32\KERNEL32.dll!CopyFileExW 0000000076fc1870 5 bytes JMP 0000000037110298 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\system32\KERNEL32.dll!CreateProcessInternalW 0000000076fcdd20 5 bytes JMP 0000000037110238 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\system32\KERNEL32.dll!MoveFileWithProgressW 000000007703f6e0 8 bytes JMP 0000000037110598 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\system32\KERNEL32.dll!MoveFileTransactedW 000000007703f710 5 bytes JMP 00000000371104d8 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\system32\KERNEL32.dll!MoveFileW 000000007703f7e0 10 bytes JMP 0000000037110358 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\system32\KERNEL32.dll!MoveFileWithProgressA 000000007703f8e0 8 bytes JMP 0000000037110538 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\system32\KERNEL32.dll!MoveFileExA 000000007703f910 10 bytes JMP 00000000371103b8 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\system32\KERNEL32.dll!MoveFileA 000000007703f940 10 bytes JMP 00000000371102f8 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\system32\KERNEL32.dll!MoveFileTransactedA 0000000077045730 5 bytes JMP 0000000037110478 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\System32\bcmwltry.exe[1580] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\System32\spoolsv.exe[1704] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefe5f2930 5 bytes JMP 000007febcc40358 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40598 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc405f8 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc40538 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc40658 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc40418 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc403b8 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40478 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc40718 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc406b8 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc404d8 .text C:\Windows\system32\svchost.exe[1824] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Program Files\HitmanPro\hmpsched.exe[1864] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\system32\Dwm.exe[1936] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\Explorer.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\Explorer.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\Explorer.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\Explorer.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\Explorer.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\Explorer.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\Explorer.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\Explorer.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\Explorer.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\Explorer.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\Explorer.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\Explorer.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\Explorer.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\Explorer.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\Explorer.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\Explorer.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\Explorer.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fb2b60 13 bytes JMP 0000000037110418 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076fc1870 5 bytes JMP 0000000037110298 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fcdd20 5 bytes JMP 0000000037110238 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007703f6e0 8 bytes JMP 0000000037110598 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007703f710 5 bytes JMP 00000000371104d8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\kernel32.dll!MoveFileW 000000007703f7e0 10 bytes JMP 0000000037110358 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007703f8e0 8 bytes JMP 0000000037110538 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007703f910 10 bytes JMP 00000000371103b8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\kernel32.dll!MoveFileA 000000007703f940 10 bytes JMP 00000000371102f8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077045730 5 bytes JMP 0000000037110478 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000076eb5330 7 bytes JMP 0000000037111498 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000076eb6ea0 8 bytes JMP 0000000037111018 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!SystemParametersInfoA 0000000076eb80e4 7 bytes JMP 00000000371112b8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!SetParent 0000000076eb8480 8 bytes JMP 0000000037111078 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000076eb9b10 6 bytes JMP 00000000371107d8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!PostMessageA 0000000076eba354 5 bytes JMP 0000000037110958 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!EnableWindow 0000000076ebaa00 9 bytes JMP 0000000037111378 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!MoveWindow 0000000076ebaa30 8 bytes JMP 00000000371110d8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 0000000076ebb474 6 bytes JMP 0000000037110898 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!GetAsyncKeyState 0000000076ebc63c 5 bytes JMP 0000000037110fb8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!RegisterHotKey 0000000076ebcc90 8 bytes JMP 0000000037111258 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!PostThreadMessageA 0000000076ebd204 5 bytes JMP 0000000037110a18 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!SendMessageA 0000000076ebd290 5 bytes JMP 0000000037110ad8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!SendNotifyMessageW 0000000076ebdbc0 9 bytes JMP 0000000037110d78 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!SystemParametersInfoW 0000000076ebf490 7 bytes JMP 0000000037111318 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!SetWindowsHookExW 0000000076ebf804 9 bytes JMP 0000000037110718 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 0000000076ebfa50 9 bytes JMP 0000000037110bf8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000076ec0b14 10 bytes JMP 0000000037110a78 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!SetWindowLongW 0000000076ec3340 8 bytes JMP 0000000037110838 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000076ec4ccc 5 bytes JMP 0000000037110778 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!GetKeyState 0000000076ec4f80 3 bytes JMP 0000000037110f58 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!GetKeyState + 4 0000000076ec4f84 1 byte [C0] .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!SendMessageCallbackW 0000000076ec53d0 7 bytes JMP 0000000037110cb8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!SendMessageW 0000000076ec6b04 3 bytes JMP 0000000037110b38 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!SendMessageW + 4 0000000076ec6b08 1 byte [C0] .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 0000000076ec76ac 8 bytes JMP 00000000371108f8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!PostMessageW 0000000076ec76d4 7 bytes JMP 00000000371109b8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 0000000076ecdd9c 3 bytes JMP 0000000037110e38 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!SendDlgItemMessageW + 4 0000000076ecdda0 1 byte [C0] .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!GetClipboardData 0000000076ece854 3 bytes JMP 00000000371111f8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!GetClipboardData + 4 0000000076ece858 1 byte [C0] .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!SetClipboardViewer 0000000076ecf780 8 bytes JMP 0000000037111138 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!SendNotifyMessageA 0000000076ed28d4 12 bytes JMP 0000000037110d18 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!mouse_event 0000000076ed3874 7 bytes JMP 0000000037110658 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!GetKeyboardState 0000000076ed89c0 8 bytes JMP 0000000037110ef8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000076ed8b88 12 bytes JMP 0000000037110b98 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000076ed8bd0 12 bytes JMP 00000000371106b8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!SendInput 0000000076ed8c90 8 bytes JMP 0000000037110e98 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!BlockInput 0000000076edad10 8 bytes JMP 0000000037111198 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!ClipCursor 0000000076edad60 8 bytes JMP 0000000037111438 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!ExitWindowsEx 0000000076f01534 5 bytes JMP 00000000371113d8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!SetSystemCursor 0000000076f245b0 5 bytes JMP 00000000371114f8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!keybd_event 0000000076f24610 7 bytes JMP 00000000371105f8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 0000000076f2cc7c 5 bytes JMP 0000000037110dd8 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\USER32.dll!SendMessageCallbackA 0000000076f2df8c 7 bytes JMP 0000000037110c58 .text C:\Windows\Explorer.EXE[1968] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fb2b60 13 bytes JMP 0000000037110418 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076fc1870 5 bytes JMP 0000000037110298 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fcdd20 5 bytes JMP 0000000037110238 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007703f6e0 8 bytes JMP 0000000037110598 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007703f710 5 bytes JMP 00000000371104d8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\system32\kernel32.dll!MoveFileW 000000007703f7e0 10 bytes JMP 0000000037110358 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007703f8e0 8 bytes JMP 0000000037110538 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007703f910 10 bytes JMP 00000000371103b8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\system32\kernel32.dll!MoveFileA 000000007703f940 10 bytes JMP 00000000371102f8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077045730 5 bytes JMP 0000000037110478 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe[1440] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000772cf9f0 3 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 00000000772cf9f4 2 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000772cfb38 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 00000000772cfb3c 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000772cfcc0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 00000000772cfcc4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000772cfd74 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 00000000772cfd78 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000772cfdd8 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 00000000772cfddc 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000772cfed0 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 00000000772cfed4 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772cff84 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 00000000772cff88 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000772cffb4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 00000000772cffb8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000772d0014 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 00000000772d0018 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000772d0094 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 00000000772d0098 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000772d00c4 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000772d00c8 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000772d03c8 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000772d03cc 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000772d03e0 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000772d03e4 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772d0560 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 00000000772d0564 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000772d06a4 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 00000000772d06a8 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000772d0704 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000772d0708 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772d07ac 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 00000000772d07b0 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000772d07f4 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000772d07f8 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772d0884 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 00000000772d0888 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000772d089c 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 00000000772d08a0 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000772d08b4 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000772d08b8 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000772d0e04 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 00000000772d0e08 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000772d0ee8 3 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 00000000772d0eec 2 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000772d1bf4 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 00000000772d1bf8 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000772d1cc4 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 00000000772d1cc8 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000772d1d9c 3 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 00000000772d1da0 2 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000772ed2f6 6 bytes {JMP QWORD [RIP+0x71a7001e]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075353bbb 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075353bbf 2 bytes [9B, 71] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075359abc 6 bytes JMP 7187000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075363b7a 6 bytes JMP 717e000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007536cd11 6 bytes JMP 718a000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000753bddde 6 bytes JMP 7184000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000753bde81 3 bytes JMP 7181000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW + 4 00000000753bde85 2 bytes JMP 7181000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000074e7f8a7 6 bytes {JMP QWORD [RIP+0x719e001e]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000074e82e0b 4 bytes {CALL QWORD [RIP+0x71ac000a]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075248332 6 bytes JMP 7157000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075248bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000752490d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075249679 6 bytes JMP 7145000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000752497d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007524ee21 6 bytes JMP 715d000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007524efe1 3 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007524efe5 2 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000752512bd 6 bytes JMP 7151000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075252797 6 bytes JMP 7124000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075253ef0 3 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000075253ef4 2 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!SetParent 00000000752545cc 3 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!SetParent + 4 00000000752545d0 2 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007525460c 6 bytes JMP 7103000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075254713 6 bytes JMP 7121000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000752547e5 3 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000752547e9 2 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075254bbc 6 bytes JMP 7154000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075254d1d 6 bytes JMP 714e000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000752571e0 6 bytes JMP 715a000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000752571fe 6 bytes JMP 7148000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075257d59 6 bytes JMP 7109000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000752581f5 6 bytes JMP 7160000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007525825a 6 bytes JMP 7133000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000752582d2 6 bytes JMP 7139000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075258411 6 bytes JMP 7142000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075258f4c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007525cc1e 3 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007525cc22 2 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007526a072 6 bytes JMP 7130000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007526dbf5 6 bytes JMP 712d000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!SendInput 000000007526ff2a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007526ff2e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075289fa4 6 bytes JMP 710f000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075291533 6 bytes JMP 7100000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!mouse_event 00000000752a030f 6 bytes JMP 7166000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!keybd_event 00000000752a0353 6 bytes JMP 7169000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000752a6d94 6 bytes JMP 713c000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000752a6df5 6 bytes JMP 7136000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!BlockInput 00000000752a7e6f 3 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000752a7e73 2 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000752a8983 3 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000752a8987 2 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075a258b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075a25ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075a27bcc 6 bytes {JMP QWORD [RIP+0x7195001e]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075a2b98a 6 bytes JMP 7190000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075a2bd7d 6 bytes JMP 716c000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075a2cf11 6 bytes JMP 7172000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075a2e935 6 bytes {JMP QWORD [RIP+0x7192001e]} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1976] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075a54aa2 6 bytes JMP 716f000a .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fb2b60 13 bytes JMP 0000000037110418 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076fc1870 5 bytes JMP 0000000037110298 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fcdd20 5 bytes JMP 0000000037110238 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007703f6e0 8 bytes JMP 0000000037110598 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007703f710 5 bytes JMP 00000000371104d8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\system32\kernel32.dll!MoveFileW 000000007703f7e0 10 bytes JMP 0000000037110358 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007703f8e0 8 bytes JMP 0000000037110538 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007703f910 10 bytes JMP 00000000371103b8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\system32\kernel32.dll!MoveFileA 000000007703f940 10 bytes JMP 00000000371102f8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077045730 5 bytes JMP 0000000037110478 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe[2068] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fb2b60 13 bytes JMP 0000000037110418 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076fc1870 5 bytes JMP 0000000037110298 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fcdd20 5 bytes JMP 0000000037110238 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007703f6e0 8 bytes JMP 0000000037110598 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007703f710 5 bytes JMP 00000000371104d8 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\system32\kernel32.dll!MoveFileW 000000007703f7e0 10 bytes JMP 0000000037110358 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007703f8e0 8 bytes JMP 0000000037110538 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007703f910 10 bytes JMP 00000000371103b8 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\system32\kernel32.dll!MoveFileA 000000007703f940 10 bytes JMP 00000000371102f8 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077045730 5 bytes JMP 0000000037110478 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\system32\BtwRSupportService.exe[2136] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fb2b60 13 bytes JMP 0000000037110418 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076fc1870 5 bytes JMP 0000000037110298 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fcdd20 5 bytes JMP 0000000037110238 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007703f6e0 8 bytes JMP 0000000037110598 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007703f710 5 bytes JMP 00000000371104d8 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\system32\kernel32.dll!MoveFileW 000000007703f7e0 10 bytes JMP 0000000037110358 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007703f8e0 8 bytes JMP 0000000037110538 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007703f910 10 bytes JMP 00000000371103b8 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\system32\kernel32.dll!MoveFileA 000000007703f940 10 bytes JMP 00000000371102f8 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077045730 5 bytes JMP 0000000037110478 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\System32\svchost.exe[2168] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\system32\svchost.exe[2208] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\system32\taskhost.exe[2216] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\system32\svchost.exe[2252] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fb2b60 13 bytes JMP 0000000037110418 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076fc1870 5 bytes JMP 0000000037110298 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fcdd20 5 bytes JMP 0000000037110238 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007703f6e0 8 bytes JMP 0000000037110598 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007703f710 5 bytes JMP 00000000371104d8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\system32\kernel32.dll!MoveFileW 000000007703f7e0 10 bytes JMP 0000000037110358 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007703f8e0 8 bytes JMP 0000000037110538 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007703f910 10 bytes JMP 00000000371103b8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\system32\kernel32.dll!MoveFileA 000000007703f940 10 bytes JMP 00000000371102f8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077045730 5 bytes JMP 0000000037110478 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe[2468] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\system32\taskeng.exe[2568] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[2816] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\System32\igfxtray.exe[2860] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\system32\svchost.exe[2884] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\system32\KERNEL32.dll!MoveFileExW 0000000076fb2b60 13 bytes JMP 0000000037110418 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\system32\KERNEL32.dll!CopyFileExW 0000000076fc1870 5 bytes JMP 0000000037110298 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\system32\KERNEL32.dll!CreateProcessInternalW 0000000076fcdd20 5 bytes JMP 0000000037110238 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\system32\KERNEL32.dll!MoveFileWithProgressW 000000007703f6e0 8 bytes JMP 0000000037110598 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\system32\KERNEL32.dll!MoveFileTransactedW 000000007703f710 5 bytes JMP 00000000371104d8 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\system32\KERNEL32.dll!MoveFileW 000000007703f7e0 10 bytes JMP 0000000037110358 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\system32\KERNEL32.dll!MoveFileWithProgressA 000000007703f8e0 8 bytes JMP 0000000037110538 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\system32\KERNEL32.dll!MoveFileExA 000000007703f910 10 bytes JMP 00000000371103b8 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\system32\KERNEL32.dll!MoveFileA 000000007703f940 10 bytes JMP 00000000371102f8 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\system32\KERNEL32.dll!MoveFileTransactedA 0000000077045730 5 bytes JMP 0000000037110478 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe[2916] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\System32\hkcmd.exe[1332] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\system32\wbem\wmiprvse.exe[3128] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007711beb0 8 bytes JMP 000000006fff0148 .text C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 000000006fff0110 .text C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe[3352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\system32\svchost.exe[3668] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\system32\svchost.exe[3700] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\System32\WUDFHost.exe[3812] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\System32\igfxpers.exe[4152] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fb2b60 13 bytes JMP 0000000037110418 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076fc1870 5 bytes JMP 0000000037110298 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fcdd20 5 bytes JMP 0000000037110238 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007703f6e0 8 bytes JMP 0000000037110598 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007703f710 5 bytes JMP 00000000371104d8 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\system32\kernel32.dll!MoveFileW 000000007703f7e0 10 bytes JMP 0000000037110358 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007703f8e0 8 bytes JMP 0000000037110538 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007703f910 10 bytes JMP 00000000371103b8 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\system32\kernel32.dll!MoveFileA 000000007703f940 10 bytes JMP 00000000371102f8 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077045730 5 bytes JMP 0000000037110478 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Program Files\DellTPad\Apoint.exe[4248] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fb2b60 13 bytes JMP 0000000037110418 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076fc1870 5 bytes JMP 0000000037110298 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fcdd20 5 bytes JMP 0000000037110238 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007703f6e0 8 bytes JMP 0000000037110598 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007703f710 5 bytes JMP 00000000371104d8 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\system32\kernel32.dll!MoveFileW 000000007703f7e0 10 bytes JMP 0000000037110358 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007703f8e0 8 bytes JMP 0000000037110538 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007703f910 10 bytes JMP 00000000371103b8 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\system32\kernel32.dll!MoveFileA 000000007703f940 10 bytes JMP 00000000371102f8 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077045730 5 bytes JMP 0000000037110478 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe[4304] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fb2b60 13 bytes JMP 0000000037110418 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076fc1870 5 bytes JMP 0000000037110298 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fcdd20 5 bytes JMP 0000000037110238 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007703f6e0 8 bytes JMP 0000000037110598 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007703f710 5 bytes JMP 00000000371104d8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\system32\kernel32.dll!MoveFileW 000000007703f7e0 10 bytes JMP 0000000037110358 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007703f8e0 8 bytes JMP 0000000037110538 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007703f910 10 bytes JMP 00000000371103b8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\system32\kernel32.dll!MoveFileA 000000007703f940 10 bytes JMP 00000000371102f8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077045730 5 bytes JMP 0000000037110478 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Program Files\DellTPad\ApMsgFwd.exe[4376] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fb2b60 13 bytes JMP 0000000037110418 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076fc1870 5 bytes JMP 0000000037110298 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fcdd20 5 bytes JMP 0000000037110238 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007703f6e0 8 bytes JMP 0000000037110598 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007703f710 5 bytes JMP 00000000371104d8 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\system32\kernel32.dll!MoveFileW 000000007703f7e0 10 bytes JMP 0000000037110358 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007703f8e0 8 bytes JMP 0000000037110538 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007703f910 10 bytes JMP 00000000371103b8 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\system32\kernel32.dll!MoveFileA 000000007703f940 10 bytes JMP 00000000371102f8 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077045730 5 bytes JMP 0000000037110478 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Program Files\DellTPad\Apntex.exe[4448] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fb2b60 13 bytes JMP 0000000037110418 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076fc1870 5 bytes JMP 0000000037110298 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fcdd20 5 bytes JMP 0000000037110238 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007703f6e0 8 bytes JMP 0000000037110598 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007703f710 5 bytes JMP 00000000371104d8 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\system32\kernel32.dll!MoveFileW 000000007703f7e0 10 bytes JMP 0000000037110358 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007703f8e0 8 bytes JMP 0000000037110538 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007703f910 10 bytes JMP 00000000371103b8 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\system32\kernel32.dll!MoveFileA 000000007703f940 10 bytes JMP 00000000371102f8 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077045730 5 bytes JMP 0000000037110478 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\system32\conhost.exe[4464] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Program Files\DellTPad\HidFind.exe[4488] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\system32\KERNEL32.dll!MoveFileExW 0000000076fb2b60 13 bytes JMP 0000000037110418 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\system32\KERNEL32.dll!CopyFileExW 0000000076fc1870 5 bytes JMP 0000000037110298 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\system32\KERNEL32.dll!CreateProcessInternalW 0000000076fcdd20 5 bytes JMP 0000000037110238 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\system32\KERNEL32.dll!MoveFileWithProgressW 000000007703f6e0 8 bytes JMP 0000000037110598 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\system32\KERNEL32.dll!MoveFileTransactedW 000000007703f710 5 bytes JMP 00000000371104d8 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\system32\KERNEL32.dll!MoveFileW 000000007703f7e0 10 bytes JMP 0000000037110358 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\system32\KERNEL32.dll!MoveFileWithProgressA 000000007703f8e0 8 bytes JMP 0000000037110538 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\system32\KERNEL32.dll!MoveFileExA 000000007703f910 10 bytes JMP 00000000371103b8 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\system32\KERNEL32.dll!MoveFileA 000000007703f940 10 bytes JMP 00000000371102f8 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\system32\KERNEL32.dll!MoveFileTransactedA 0000000077045730 5 bytes JMP 0000000037110478 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\System32\WLTRAY.EXE[4512] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fb2b60 13 bytes JMP 0000000037110418 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076fc1870 5 bytes JMP 0000000037110298 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fcdd20 5 bytes JMP 0000000037110238 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007703f6e0 8 bytes JMP 0000000037110598 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007703f710 5 bytes JMP 00000000371104d8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\system32\kernel32.dll!MoveFileW 000000007703f7e0 10 bytes JMP 0000000037110358 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007703f8e0 8 bytes JMP 0000000037110538 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007703f910 10 bytes JMP 00000000371103b8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\system32\kernel32.dll!MoveFileA 000000007703f940 10 bytes JMP 00000000371102f8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077045730 5 bytes JMP 0000000037110478 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4656] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fb2b60 13 bytes JMP 0000000037110418 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076fc1870 5 bytes JMP 0000000037110298 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fcdd20 5 bytes JMP 0000000037110238 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007703f6e0 8 bytes JMP 0000000037110598 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007703f710 5 bytes JMP 00000000371104d8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\system32\kernel32.dll!MoveFileW 000000007703f7e0 10 bytes JMP 0000000037110358 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007703f8e0 8 bytes JMP 0000000037110538 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007703f910 10 bytes JMP 00000000371103b8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\system32\kernel32.dll!MoveFileA 000000007703f940 10 bytes JMP 00000000371102f8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077045730 5 bytes JMP 0000000037110478 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4756] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\system32\SearchIndexer.exe[4980] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fb2b60 13 bytes JMP 0000000037110418 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076fc1870 5 bytes JMP 0000000037110298 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fcdd20 5 bytes JMP 0000000037110238 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007703f6e0 8 bytes JMP 0000000037110598 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007703f710 5 bytes JMP 00000000371104d8 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\system32\kernel32.dll!MoveFileW 000000007703f7e0 10 bytes JMP 0000000037110358 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007703f8e0 8 bytes JMP 0000000037110538 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007703f910 10 bytes JMP 00000000371103b8 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\system32\kernel32.dll!MoveFileA 000000007703f940 10 bytes JMP 00000000371102f8 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077045730 5 bytes JMP 0000000037110478 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Program Files\Logitech\LogiOptions\LogiOptions.exe[4992] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000772cf9f0 3 bytes JMP 71af000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 00000000772cf9f4 2 bytes JMP 71af000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000772cfb38 3 bytes JMP 70bb000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 00000000772cfb3c 2 bytes JMP 70bb000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000772cfcc0 3 bytes JMP 70dc000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 00000000772cfcc4 2 bytes JMP 70dc000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000772cfd74 3 bytes JMP 70c7000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 00000000772cfd78 2 bytes JMP 70c7000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000772cfdd8 3 bytes JMP 70cd000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 00000000772cfddc 2 bytes JMP 70cd000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000772cfed0 3 bytes JMP 70c4000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 00000000772cfed4 2 bytes JMP 70c4000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772cff84 3 bytes JMP 70f4000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 00000000772cff88 2 bytes JMP 70f4000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000772cffb4 3 bytes JMP 70d0000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 00000000772cffb8 2 bytes JMP 70d0000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000772d0014 3 bytes JMP 70e8000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 00000000772d0018 2 bytes JMP 70e8000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000772d0094 3 bytes JMP 70e5000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 00000000772d0098 2 bytes JMP 70e5000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000772d00c4 3 bytes JMP 70ca000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000772d00c8 2 bytes JMP 70ca000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000772d03c8 3 bytes JMP 70b5000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000772d03cc 2 bytes JMP 70b5000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000772d03e0 3 bytes JMP 70fa000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000772d03e4 2 bytes JMP 70fa000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772d0560 3 bytes JMP 70fd000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 00000000772d0564 2 bytes JMP 70fd000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000772d06a4 3 bytes JMP 70d9000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 00000000772d06a8 2 bytes JMP 70d9000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000772d0704 3 bytes JMP 70f1000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000772d0708 2 bytes JMP 70f1000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772d07ac 3 bytes JMP 70f7000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 00000000772d07b0 2 bytes JMP 70f7000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000772d07f4 3 bytes JMP 70eb000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000772d07f8 2 bytes JMP 70eb000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772d0884 3 bytes JMP 70ee000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 00000000772d0888 2 bytes JMP 70ee000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000772d089c 3 bytes JMP 70c1000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 00000000772d08a0 2 bytes JMP 70c1000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000772d08b4 3 bytes JMP 70b8000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000772d08b8 2 bytes JMP 70b8000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000772d0e04 3 bytes JMP 70d6000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 00000000772d0e08 2 bytes JMP 70d6000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000772d0ee8 3 bytes JMP 70be000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 00000000772d0eec 2 bytes JMP 70be000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000772d1bf4 3 bytes JMP 70d3000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 00000000772d1bf8 2 bytes JMP 70d3000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000772d1cc4 3 bytes JMP 70e2000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 00000000772d1cc8 2 bytes JMP 70e2000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000772d1d9c 3 bytes JMP 70df000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 00000000772d1da0 2 bytes JMP 70df000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000772ed2f6 6 bytes JMP 71a8000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075353bbb 3 bytes JMP 719c000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075353bbf 2 bytes JMP 719c000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075359abc 6 bytes JMP 7187000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075363b7a 6 bytes JMP 717e000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007536cd11 6 bytes JMP 718a000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000753bddde 6 bytes JMP 7184000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000753bde81 3 bytes JMP 7181000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW + 4 00000000753bde85 2 bytes JMP 7181000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000074e7f8a7 6 bytes JMP 719f000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000074e82e0b 4 bytes CALL 71ac0000 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075f79698 6 bytes JMP 7178000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007617bae9 6 bytes JMP 717b000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075a258b3 6 bytes JMP 718d000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075a25ea5 6 bytes JMP 7175000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075a27bcc 6 bytes JMP 7196000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075a2b98a 6 bytes JMP 7190000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075a2bd7d 6 bytes JMP 716c000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075a2cf11 6 bytes JMP 7172000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075a2e935 6 bytes JMP 7193000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075a54aa2 6 bytes JMP 716f000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075248332 6 bytes JMP 7157000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075248bff 6 bytes JMP 714b000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000752490d3 6 bytes JMP 7106000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075249679 6 bytes JMP 7145000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000752497d2 6 bytes JMP 713f000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007524ee21 6 bytes JMP 715d000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007524efe1 3 bytes JMP 710c000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007524efe5 2 bytes JMP 710c000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000752512bd 6 bytes JMP 7151000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075252797 6 bytes JMP 7124000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075253ef0 3 bytes JMP 7118000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000075253ef4 2 bytes JMP 7118000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!SetParent 00000000752545cc 3 bytes JMP 711b000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!SetParent + 4 00000000752545d0 2 bytes JMP 711b000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007525460c 6 bytes JMP 7103000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075254713 6 bytes JMP 7121000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000752547e5 3 bytes JMP 7127000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000752547e9 2 bytes JMP 7127000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075254bbc 6 bytes JMP 7154000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075254d1d 6 bytes JMP 714e000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000752571e0 6 bytes JMP 715a000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000752571fe 6 bytes JMP 7148000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075257d59 6 bytes JMP 7109000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000752581f5 6 bytes JMP 7160000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007525825a 6 bytes JMP 7133000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000752582d2 6 bytes JMP 7139000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075258411 6 bytes JMP 7142000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075258f4c 6 bytes JMP 7163000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007525cc1e 3 bytes JMP 7115000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007525cc22 2 bytes JMP 7115000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007526a072 6 bytes JMP 7130000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007526dbf5 6 bytes JMP 712d000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!SendInput 000000007526ff2a 3 bytes JMP 712a000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007526ff2e 2 bytes JMP 712a000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075289fa4 6 bytes JMP 710f000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075291533 6 bytes JMP 7100000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!mouse_event 00000000752a030f 6 bytes JMP 7166000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!keybd_event 00000000752a0353 6 bytes JMP 7169000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000752a6d94 6 bytes JMP 713c000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000752a6df5 6 bytes JMP 7136000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!BlockInput 00000000752a7e6f 3 bytes JMP 7112000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000752a7e73 2 bytes JMP 7112000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000752a8983 3 bytes JMP 711e000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000752a8987 2 bytes JMP 711e000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075079cbb 6 bytes JMP 7199000a .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074e31401 2 bytes JMP 7536b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074e31419 2 bytes JMP 7536b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074e31431 2 bytes JMP 753e9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074e3144a 2 bytes CALL 75344885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074e314dd 2 bytes JMP 753e8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074e314f5 2 bytes JMP 753e8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074e3150d 2 bytes JMP 753e8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074e31525 2 bytes JMP 753e8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074e3153d 2 bytes JMP 7535fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074e31555 2 bytes JMP 75366907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074e3156d 2 bytes JMP 753e9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074e31585 2 bytes JMP 753e8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074e3159d 2 bytes JMP 753e88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074e315b5 2 bytes JMP 7535fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074e315cd 2 bytes JMP 7536b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074e316b2 2 bytes JMP 753e90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe[5020] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074e316bd 2 bytes JMP 753e8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fb2b60 13 bytes JMP 0000000037110418 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076fc1870 5 bytes JMP 0000000037110298 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fcdd20 5 bytes JMP 0000000037110238 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007703f6e0 8 bytes JMP 0000000037110598 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007703f710 5 bytes JMP 00000000371104d8 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\system32\kernel32.dll!MoveFileW 000000007703f7e0 10 bytes JMP 0000000037110358 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007703f8e0 8 bytes JMP 0000000037110538 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007703f910 10 bytes JMP 00000000371103b8 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\system32\kernel32.dll!MoveFileA 000000007703f940 10 bytes JMP 00000000371102f8 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077045730 5 bytes JMP 0000000037110478 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Program Files\CCleaner\CCleaner64.exe[5100] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000772cf9f0 3 bytes JMP 71af000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 00000000772cf9f4 2 bytes JMP 71af000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000772cfb38 3 bytes JMP 7081000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 00000000772cfb3c 2 bytes JMP 7081000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000772cfcc0 3 bytes JMP 70a2000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 00000000772cfcc4 2 bytes JMP 70a2000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000772cfd74 3 bytes JMP 708d000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 00000000772cfd78 2 bytes JMP 708d000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000772cfdd8 3 bytes JMP 7093000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 00000000772cfddc 2 bytes JMP 7093000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000772cfed0 3 bytes JMP 708a000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 00000000772cfed4 2 bytes JMP 708a000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772cff84 3 bytes JMP 70ba000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 00000000772cff88 2 bytes JMP 70ba000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000772cffb4 3 bytes JMP 7096000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 00000000772cffb8 2 bytes JMP 7096000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000772d0014 3 bytes JMP 70ae000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 00000000772d0018 2 bytes JMP 70ae000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000772d0094 3 bytes JMP 70ab000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 00000000772d0098 2 bytes JMP 70ab000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000772d00c4 3 bytes JMP 7090000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000772d00c8 2 bytes JMP 7090000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000772d03c8 3 bytes JMP 707b000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000772d03cc 2 bytes JMP 707b000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000772d03e0 3 bytes JMP 70c0000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000772d03e4 2 bytes JMP 70c0000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772d0560 3 bytes JMP 70c3000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 00000000772d0564 2 bytes JMP 70c3000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000772d06a4 3 bytes JMP 709f000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 00000000772d06a8 2 bytes JMP 709f000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000772d0704 3 bytes JMP 70b7000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000772d0708 2 bytes JMP 70b7000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772d07ac 3 bytes JMP 70bd000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 00000000772d07b0 2 bytes JMP 70bd000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000772d07f4 3 bytes JMP 70b1000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000772d07f8 2 bytes JMP 70b1000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772d0884 3 bytes JMP 70b4000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 00000000772d0888 2 bytes JMP 70b4000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000772d089c 3 bytes JMP 7087000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 00000000772d08a0 2 bytes JMP 7087000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000772d08b4 3 bytes JMP 707e000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000772d08b8 2 bytes JMP 707e000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000772d0e04 3 bytes JMP 709c000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 00000000772d0e08 2 bytes JMP 709c000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000772d0ee8 3 bytes JMP 7084000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 00000000772d0eec 2 bytes JMP 7084000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000772d1bf4 3 bytes JMP 7099000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 00000000772d1bf8 2 bytes JMP 7099000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000772d1cc4 3 bytes JMP 70a8000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 00000000772d1cc8 2 bytes JMP 70a8000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000772d1d9c 3 bytes JMP 70a5000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 00000000772d1da0 2 bytes JMP 70a5000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000772ed2f6 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075353bbb 3 bytes JMP 719c000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075353bbf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075359abc 6 bytes JMP 7167000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075363b7a 6 bytes JMP 7144000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007536cd11 6 bytes JMP 7184000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000753bddde 6 bytes JMP 7164000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000753bde81 3 bytes JMP 7147000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW + 4 00000000753bde85 2 bytes JMP 7147000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000074e7f8a7 6 bytes JMP 719f000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000074e82e0b 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!SetWindowLongW 0000000075248332 6 bytes JMP 711d000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!PostThreadMessageW 0000000075248bff 6 bytes JMP 7111000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!SystemParametersInfoW 00000000752490d3 6 bytes JMP 70cc000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!SendMessageW 0000000075249679 6 bytes JMP 710b000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!SendMessageTimeoutW 00000000752497d2 6 bytes JMP 7105000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!SetWinEventHook 000000007524ee21 6 bytes JMP 7123000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!RegisterHotKey 000000007524efe1 3 bytes JMP 70d2000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!RegisterHotKey + 4 000000007524efe5 2 bytes JMP 70d2000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!PostMessageW 00000000752512bd 6 bytes JMP 7117000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!GetKeyState 0000000075252797 6 bytes JMP 70ea000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!MoveWindow 0000000075253ef0 3 bytes JMP 70de000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!MoveWindow + 4 0000000075253ef4 2 bytes JMP 70de000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!SetParent 00000000752545cc 3 bytes JMP 70e1000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!SetParent + 4 00000000752545d0 2 bytes JMP 70e1000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!EnableWindow 000000007525460c 6 bytes JMP 70c9000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!GetAsyncKeyState 0000000075254713 6 bytes JMP 70e7000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!GetKeyboardState 00000000752547e5 3 bytes JMP 70ed000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!GetKeyboardState + 4 00000000752547e9 2 bytes JMP 70ed000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!PostMessageA 0000000075254bbc 6 bytes JMP 711a000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!PostThreadMessageA 0000000075254d1d 6 bytes JMP 7114000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!SetWindowLongA 00000000752571e0 6 bytes JMP 7120000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!SendMessageA 00000000752571fe 6 bytes JMP 710e000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!SystemParametersInfoA 0000000075257d59 6 bytes JMP 70cf000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!SetWindowsHookExW 00000000752581f5 6 bytes JMP 7126000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!SendNotifyMessageW 000000007525825a 6 bytes JMP 70f9000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!SendMessageCallbackW 00000000752582d2 6 bytes JMP 70ff000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!SendMessageTimeoutA 0000000075258411 6 bytes JMP 7108000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!SetWindowsHookExA 0000000075258f4c 6 bytes JMP 7129000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!SetClipboardViewer 000000007525cc1e 3 bytes JMP 70db000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!SetClipboardViewer + 4 000000007525cc22 2 bytes JMP 70db000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!SendDlgItemMessageA 000000007526a072 6 bytes JMP 70f6000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!SendDlgItemMessageW 000000007526dbf5 6 bytes JMP 70f3000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!SendInput 000000007526ff2a 3 bytes JMP 70f0000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!SendInput + 4 000000007526ff2e 2 bytes JMP 70f0000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!GetClipboardData 0000000075289fa4 6 bytes JMP 70d5000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!ExitWindowsEx 0000000075291533 6 bytes JMP 70c6000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!mouse_event 00000000752a030f 6 bytes JMP 712c000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!keybd_event 00000000752a0353 6 bytes JMP 712f000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!SendMessageCallbackA 00000000752a6d94 6 bytes JMP 7102000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!SendNotifyMessageA 00000000752a6df5 6 bytes JMP 70fc000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!BlockInput 00000000752a7e6f 3 bytes JMP 70d8000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!BlockInput + 4 00000000752a7e73 2 bytes JMP 70d8000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!RegisterRawInputDevices 00000000752a8983 3 bytes JMP 70e4000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\user32.DLL!RegisterRawInputDevices + 4 00000000752a8987 2 bytes JMP 70e4000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075a258b3 6 bytes JMP 7187000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075a25ea5 6 bytes JMP 713b000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075a27bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075a2b98a 6 bytes JMP 7190000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075a2bd7d 6 bytes JMP 7132000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075a2cf11 6 bytes JMP 7138000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075a2e935 6 bytes JMP 7193000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075a54aa2 6 bytes JMP 7135000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075f79698 6 bytes JMP 713e000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007617bae9 6 bytes JMP 7141000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075079cbb 6 bytes JMP 7199000a .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074e31401 2 bytes JMP 7536b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074e31419 2 bytes JMP 7536b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074e31431 2 bytes JMP 753e9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074e3144a 2 bytes CALL 75344885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074e314dd 2 bytes JMP 753e8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074e314f5 2 bytes JMP 753e8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074e3150d 2 bytes JMP 753e8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074e31525 2 bytes JMP 753e8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074e3153d 2 bytes JMP 7535fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074e31555 2 bytes JMP 75366907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074e3156d 2 bytes JMP 753e9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074e31585 2 bytes JMP 753e8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074e3159d 2 bytes JMP 753e88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074e315b5 2 bytes JMP 7535fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074e315cd 2 bytes JMP 7536b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074e316b2 2 bytes JMP 753e90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Gadu-Gadu\gg.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074e316bd 2 bytes JMP 753e8891 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fb2b60 13 bytes JMP 0000000037110418 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076fc1870 5 bytes JMP 0000000037110298 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fcdd20 5 bytes JMP 0000000037110238 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007703f6e0 8 bytes JMP 0000000037110598 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007703f710 5 bytes JMP 00000000371104d8 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\system32\kernel32.dll!MoveFileW 000000007703f7e0 10 bytes JMP 0000000037110358 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007703f8e0 8 bytes JMP 0000000037110538 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007703f910 10 bytes JMP 00000000371103b8 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\system32\kernel32.dll!MoveFileA 000000007703f940 10 bytes JMP 00000000371102f8 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077045730 5 bytes JMP 0000000037110478 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe[4776] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000772cf9f0 3 bytes JMP 71af000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 00000000772cf9f4 2 bytes JMP 71af000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000772cfb38 3 bytes JMP 70bb000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 00000000772cfb3c 2 bytes JMP 70bb000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000772cfcc0 3 bytes JMP 70dc000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 00000000772cfcc4 2 bytes JMP 70dc000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000772cfd74 3 bytes JMP 70c7000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 00000000772cfd78 2 bytes JMP 70c7000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000772cfdd8 3 bytes JMP 70cd000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 00000000772cfddc 2 bytes JMP 70cd000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000772cfed0 3 bytes JMP 70c4000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 00000000772cfed4 2 bytes JMP 70c4000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772cff84 3 bytes JMP 70f4000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 00000000772cff88 2 bytes JMP 70f4000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000772cffb4 3 bytes JMP 70d0000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 00000000772cffb8 2 bytes JMP 70d0000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000772d0014 3 bytes JMP 70e8000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 00000000772d0018 2 bytes JMP 70e8000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000772d0094 3 bytes JMP 70e5000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 00000000772d0098 2 bytes JMP 70e5000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000772d00c4 3 bytes JMP 70ca000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000772d00c8 2 bytes JMP 70ca000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000772d03c8 3 bytes JMP 70b5000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000772d03cc 2 bytes JMP 70b5000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000772d03e0 3 bytes JMP 70fa000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000772d03e4 2 bytes JMP 70fa000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772d0560 3 bytes JMP 70fd000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 00000000772d0564 2 bytes JMP 70fd000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000772d06a4 3 bytes JMP 70d9000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 00000000772d06a8 2 bytes JMP 70d9000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000772d0704 3 bytes JMP 70f1000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000772d0708 2 bytes JMP 70f1000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772d07ac 3 bytes JMP 70f7000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 00000000772d07b0 2 bytes JMP 70f7000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000772d07f4 3 bytes JMP 70eb000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000772d07f8 2 bytes JMP 70eb000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772d0884 3 bytes JMP 70ee000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 00000000772d0888 2 bytes JMP 70ee000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000772d089c 3 bytes JMP 70c1000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 00000000772d08a0 2 bytes JMP 70c1000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000772d08b4 3 bytes JMP 70b8000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000772d08b8 2 bytes JMP 70b8000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000772d0e04 3 bytes JMP 70d6000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 00000000772d0e08 2 bytes JMP 70d6000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000772d0ee8 3 bytes JMP 70be000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 00000000772d0eec 2 bytes JMP 70be000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000772d1bf4 3 bytes JMP 70d3000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 00000000772d1bf8 2 bytes JMP 70d3000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000772d1cc4 3 bytes JMP 70e2000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 00000000772d1cc8 2 bytes JMP 70e2000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000772d1d9c 3 bytes JMP 70df000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 00000000772d1da0 2 bytes JMP 70df000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000772ed2f6 6 bytes JMP 71a8000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075353bbb 3 bytes JMP 719c000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075353bbf 2 bytes JMP 719c000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075359abc 6 bytes JMP 7187000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075363b7a 6 bytes JMP 717e000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007536cd11 6 bytes JMP 718a000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000753bddde 6 bytes JMP 7184000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000753bde81 3 bytes JMP 7181000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW + 4 00000000753bde85 2 bytes JMP 7181000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000074e7f8a7 6 bytes JMP 719f000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000074e82e0b 4 bytes CALL 71ac0000 .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075248332 6 bytes JMP 7157000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075248bff 6 bytes JMP 714b000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000752490d3 6 bytes JMP 7106000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075249679 6 bytes JMP 7145000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000752497d2 6 bytes JMP 713f000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007524ee21 6 bytes JMP 715d000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007524efe1 3 bytes JMP 710c000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007524efe5 2 bytes JMP 710c000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000752512bd 6 bytes JMP 7151000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075252797 6 bytes JMP 7124000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075253ef0 3 bytes JMP 7118000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000075253ef4 2 bytes JMP 7118000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!SetParent 00000000752545cc 3 bytes JMP 711b000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!SetParent + 4 00000000752545d0 2 bytes JMP 711b000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007525460c 6 bytes JMP 7103000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075254713 6 bytes JMP 7121000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000752547e5 3 bytes JMP 7127000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000752547e9 2 bytes JMP 7127000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075254bbc 6 bytes JMP 7154000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075254d1d 6 bytes JMP 714e000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000752571e0 6 bytes JMP 715a000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000752571fe 6 bytes JMP 7148000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075257d59 6 bytes JMP 7109000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000752581f5 6 bytes JMP 7160000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007525825a 6 bytes JMP 7133000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000752582d2 6 bytes JMP 7139000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075258411 6 bytes JMP 7142000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075258f4c 6 bytes JMP 7163000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007525cc1e 3 bytes JMP 7115000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007525cc22 2 bytes JMP 7115000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007526a072 6 bytes JMP 7130000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007526dbf5 6 bytes JMP 712d000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!SendInput 000000007526ff2a 3 bytes JMP 712a000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007526ff2e 2 bytes JMP 712a000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075289fa4 6 bytes JMP 710f000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075291533 6 bytes JMP 7100000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!mouse_event 00000000752a030f 6 bytes JMP 7166000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!keybd_event 00000000752a0353 6 bytes JMP 7169000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000752a6d94 6 bytes JMP 713c000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000752a6df5 6 bytes JMP 7136000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!BlockInput 00000000752a7e6f 3 bytes JMP 7112000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000752a7e73 2 bytes JMP 7112000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000752a8983 3 bytes JMP 711e000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000752a8987 2 bytes JMP 711e000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075a258b3 6 bytes JMP 718d000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075a25ea5 6 bytes JMP 7175000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075a27bcc 6 bytes JMP 7196000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075a2b98a 6 bytes JMP 7190000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075a2bd7d 6 bytes JMP 716c000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075a2cf11 6 bytes JMP 7172000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075a2e935 6 bytes JMP 7193000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075a54aa2 6 bytes JMP 716f000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075f79698 6 bytes JMP 7178000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007617bae9 6 bytes JMP 717b000a .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074e31401 2 bytes JMP 7536b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074e31419 2 bytes JMP 7536b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074e31431 2 bytes JMP 753e9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074e3144a 2 bytes CALL 75344885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074e314dd 2 bytes JMP 753e8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074e314f5 2 bytes JMP 753e8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074e3150d 2 bytes JMP 753e8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074e31525 2 bytes JMP 753e8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074e3153d 2 bytes JMP 7535fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074e31555 2 bytes JMP 75366907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074e3156d 2 bytes JMP 753e9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074e31585 2 bytes JMP 753e8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074e3159d 2 bytes JMP 753e88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074e315b5 2 bytes JMP 7535fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074e315cd 2 bytes JMP 7536b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074e316b2 2 bytes JMP 753e90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\CONEXANT\DLD\DLG.exe[5200] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074e316bd 2 bytes JMP 753e8891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\system32\wbem\unsecapp.exe[5352] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fb2b60 13 bytes JMP 0000000037110418 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076fc1870 5 bytes JMP 0000000037110298 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fcdd20 5 bytes JMP 0000000037110238 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007703f6e0 8 bytes JMP 0000000037110598 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007703f710 5 bytes JMP 00000000371104d8 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\system32\kernel32.dll!MoveFileW 000000007703f7e0 10 bytes JMP 0000000037110358 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007703f8e0 8 bytes JMP 0000000037110538 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007703f910 10 bytes JMP 00000000371103b8 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\system32\kernel32.dll!MoveFileA 000000007703f940 10 bytes JMP 00000000371102f8 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077045730 5 bytes JMP 0000000037110478 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Program Files\Dell\QuickSet\quickset.exe[5420] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\System32\svchost.exe[5640] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000772cf9f0 3 bytes JMP 71af000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 00000000772cf9f4 2 bytes JMP 71af000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000772cfb38 3 bytes JMP 70a0000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 00000000772cfb3c 2 bytes JMP 70a0000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000772cfcc0 3 bytes JMP 70c1000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 00000000772cfcc4 2 bytes JMP 70c1000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000772cfd74 3 bytes JMP 70ac000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 00000000772cfd78 2 bytes JMP 70ac000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000772cfdd8 3 bytes JMP 70b2000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 00000000772cfddc 2 bytes JMP 70b2000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000772cfed0 3 bytes JMP 70a9000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 00000000772cfed4 2 bytes JMP 70a9000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772cff84 3 bytes JMP 70d9000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 00000000772cff88 2 bytes JMP 70d9000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000772cffb4 3 bytes JMP 70b5000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 00000000772cffb8 2 bytes JMP 70b5000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000772d0014 3 bytes JMP 70cd000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 00000000772d0018 2 bytes JMP 70cd000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000772d0094 3 bytes JMP 70ca000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 00000000772d0098 2 bytes JMP 70ca000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000772d00c4 3 bytes JMP 70af000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000772d00c8 2 bytes JMP 70af000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000772d03c8 3 bytes JMP 709a000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000772d03cc 2 bytes JMP 709a000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000772d03e0 3 bytes JMP 70df000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000772d03e4 2 bytes JMP 70df000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772d0560 3 bytes JMP 70e2000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 00000000772d0564 2 bytes JMP 70e2000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000772d06a4 3 bytes JMP 70be000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 00000000772d06a8 2 bytes JMP 70be000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000772d0704 3 bytes JMP 70d6000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000772d0708 2 bytes JMP 70d6000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772d07ac 3 bytes JMP 70dc000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 00000000772d07b0 2 bytes JMP 70dc000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000772d07f4 3 bytes JMP 70d0000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000772d07f8 2 bytes JMP 70d0000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772d0884 3 bytes JMP 70d3000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 00000000772d0888 2 bytes JMP 70d3000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000772d089c 3 bytes JMP 70a6000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 00000000772d08a0 2 bytes JMP 70a6000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000772d08b4 3 bytes JMP 709d000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000772d08b8 2 bytes JMP 709d000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000772d0e04 3 bytes JMP 70bb000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 00000000772d0e08 2 bytes JMP 70bb000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000772d0ee8 3 bytes JMP 70a3000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 00000000772d0eec 2 bytes JMP 70a3000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000772d1bf4 3 bytes JMP 70b8000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 00000000772d1bf8 2 bytes JMP 70b8000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000772d1cc4 3 bytes JMP 70c7000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 00000000772d1cc8 2 bytes JMP 70c7000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000772d1d9c 3 bytes JMP 70c4000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 00000000772d1da0 2 bytes JMP 70c4000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000772ed2f6 6 bytes JMP 71a8000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075353bbb 3 bytes JMP 719c000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075353bbf 2 bytes JMP 719c000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075359abc 6 bytes JMP 7187000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075363b7a 6 bytes JMP 717e000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007536cd11 6 bytes JMP 718a000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000753bddde 6 bytes JMP 7184000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000753bde81 3 bytes JMP 7181000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW + 4 00000000753bde85 2 bytes JMP 7181000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000074e7f8a7 6 bytes JMP 719f000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000074e82e0b 4 bytes CALL 71ac0000 .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075a258b3 6 bytes JMP 718d000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075a25ea5 6 bytes JMP 717b000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075a27bcc 6 bytes JMP 7196000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075a2b98a 6 bytes JMP 7190000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075a2bd7d 6 bytes JMP 7172000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075a2cf11 6 bytes JMP 7178000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075a2e935 6 bytes JMP 7193000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075a54aa2 6 bytes JMP 7175000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075248332 6 bytes JMP 715d000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075248bff 6 bytes JMP 7151000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000752490d3 6 bytes JMP 70eb000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075249679 6 bytes JMP 714b000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000752497d2 6 bytes JMP 7145000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007524ee21 6 bytes JMP 7163000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007524efe1 3 bytes JMP 70f1000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007524efe5 2 bytes JMP 70f1000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000752512bd 6 bytes JMP 7157000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075252797 6 bytes JMP 7109000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075253ef0 3 bytes JMP 70fd000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000075253ef4 2 bytes JMP 70fd000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!SetParent 00000000752545cc 3 bytes JMP 7100000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!SetParent + 4 00000000752545d0 2 bytes JMP 7100000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007525460c 6 bytes JMP 70e8000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075254713 6 bytes JMP 7106000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000752547e5 3 bytes JMP 710c000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000752547e9 2 bytes JMP 710c000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075254bbc 6 bytes JMP 715a000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075254d1d 6 bytes JMP 7154000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000752571e0 6 bytes JMP 7160000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000752571fe 6 bytes JMP 714e000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075257d59 6 bytes JMP 70ee000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000752581f5 6 bytes JMP 7166000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007525825a 6 bytes JMP 7139000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000752582d2 6 bytes JMP 713f000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075258411 6 bytes JMP 7148000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075258f4c 6 bytes JMP 7169000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007525cc1e 3 bytes JMP 70fa000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007525cc22 2 bytes JMP 70fa000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007526a072 6 bytes JMP 7136000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007526dbf5 6 bytes JMP 7112000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!SendInput 000000007526ff2a 3 bytes JMP 710f000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007526ff2e 2 bytes JMP 710f000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075289fa4 6 bytes JMP 70f4000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075291533 6 bytes JMP 70e5000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!mouse_event 00000000752a030f 6 bytes JMP 716c000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!keybd_event 00000000752a0353 6 bytes JMP 716f000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000752a6d94 6 bytes JMP 7142000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000752a6df5 6 bytes JMP 713c000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!BlockInput 00000000752a7e6f 3 bytes JMP 70f7000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000752a7e73 2 bytes JMP 70f7000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000752a8983 3 bytes JMP 7103000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000752a8987 2 bytes JMP 7103000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075079cbb 6 bytes JMP 7199000a .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074e31401 2 bytes JMP 7536b233 C:\Windows\syswow64\kernel32.dll .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074e31419 2 bytes JMP 7536b35e C:\Windows\syswow64\kernel32.dll .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074e31431 2 bytes JMP 753e9149 C:\Windows\syswow64\kernel32.dll .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074e3144a 2 bytes CALL 75344885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074e314dd 2 bytes JMP 753e8a42 C:\Windows\syswow64\kernel32.dll .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074e314f5 2 bytes JMP 753e8c18 C:\Windows\syswow64\kernel32.dll .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074e3150d 2 bytes JMP 753e8938 C:\Windows\syswow64\kernel32.dll .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074e31525 2 bytes JMP 753e8d02 C:\Windows\syswow64\kernel32.dll .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074e3153d 2 bytes JMP 7535fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074e31555 2 bytes JMP 75366907 C:\Windows\syswow64\kernel32.dll .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074e3156d 2 bytes JMP 753e9201 C:\Windows\syswow64\kernel32.dll .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074e31585 2 bytes JMP 753e8d62 C:\Windows\syswow64\kernel32.dll .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074e3159d 2 bytes JMP 753e88fc C:\Windows\syswow64\kernel32.dll .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074e315b5 2 bytes JMP 7535fd59 C:\Windows\syswow64\kernel32.dll .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074e315cd 2 bytes JMP 7536b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074e316b2 2 bytes JMP 753e90c4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\OEM02Mon.exe[5856] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074e316bd 2 bytes JMP 753e8891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Windows\system32\wbem\wmiprvse.exe[5964] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000772cf9f0 3 bytes JMP 71af000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 00000000772cf9f4 2 bytes JMP 71af000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000772cfb38 3 bytes JMP 70b7000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 00000000772cfb3c 2 bytes JMP 70b7000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000772cfcc0 3 bytes JMP 70d8000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 00000000772cfcc4 2 bytes JMP 70d8000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000772cfd74 3 bytes JMP 70c3000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 00000000772cfd78 2 bytes JMP 70c3000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000772cfdd8 3 bytes JMP 70c9000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 00000000772cfddc 2 bytes JMP 70c9000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000772cfed0 3 bytes JMP 70c0000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 00000000772cfed4 2 bytes JMP 70c0000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772cff84 3 bytes JMP 70f0000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 00000000772cff88 2 bytes JMP 70f0000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000772cffb4 3 bytes JMP 70cc000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 00000000772cffb8 2 bytes JMP 70cc000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000772d0014 3 bytes JMP 70e4000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 00000000772d0018 2 bytes JMP 70e4000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000772d0094 3 bytes JMP 70e1000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 00000000772d0098 2 bytes JMP 70e1000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000772d00c4 3 bytes JMP 70c6000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000772d00c8 2 bytes JMP 70c6000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000772d03c8 3 bytes JMP 7096000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000772d03cc 2 bytes JMP 7096000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000772d03e0 3 bytes JMP 70f6000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000772d03e4 2 bytes JMP 70f6000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772d0560 3 bytes JMP 70f9000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 00000000772d0564 2 bytes JMP 70f9000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000772d06a4 3 bytes JMP 70d5000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 00000000772d06a8 2 bytes JMP 70d5000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000772d0704 3 bytes JMP 70ed000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000772d0708 2 bytes JMP 70ed000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772d07ac 3 bytes JMP 70f3000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 00000000772d07b0 2 bytes JMP 70f3000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000772d07f4 3 bytes JMP 70e7000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000772d07f8 2 bytes JMP 70e7000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772d0884 3 bytes JMP 70ea000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 00000000772d0888 2 bytes JMP 00000000cbbad1fd .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000772d089c 3 bytes JMP 70bd000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 00000000772d08a0 2 bytes JMP 70bd000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000772d08b4 3 bytes JMP 7099000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000772d08b8 2 bytes JMP 7099000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000772d0e04 3 bytes JMP 70d2000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 00000000772d0e08 2 bytes JMP 70d2000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000772d0ee8 3 bytes JMP 70ba000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 00000000772d0eec 2 bytes JMP 70ba000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000772d1bf4 3 bytes JMP 70cf000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 00000000772d1bf8 2 bytes JMP 70cf000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000772d1cc4 3 bytes JMP 70de000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 00000000772d1cc8 2 bytes JMP 70de000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000772d1d9c 3 bytes JMP 70db000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 00000000772d1da0 2 bytes JMP 70db000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000772ed2f6 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075353bbb 3 bytes JMP 719c000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075353bbf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075359abc 6 bytes JMP 7187000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075363b7a 6 bytes JMP 717e000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007536cd11 6 bytes JMP 718a000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000753bddde 6 bytes JMP 7184000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000753bde81 3 bytes JMP 7181000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW + 4 00000000753bde85 2 bytes JMP 7181000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000074e7f8a7 6 bytes JMP 719f000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000074e82e0b 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075a258b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075a25ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075a27bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075a2b98a 6 bytes JMP 7190000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075a2bd7d 6 bytes JMP 716c000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075a2cf11 6 bytes JMP 7172000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075a2e935 6 bytes JMP 7193000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075a54aa2 6 bytes JMP 716f000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075248332 6 bytes JMP 7157000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075248bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000752490d3 6 bytes JMP 7102000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075249679 6 bytes JMP 7145000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000752497d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007524ee21 6 bytes JMP 715d000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007524efe1 3 bytes JMP 7108000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007524efe5 2 bytes JMP 7108000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000752512bd 6 bytes JMP 7151000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075252797 6 bytes JMP 7120000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075253ef0 3 bytes JMP 7114000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000075253ef4 2 bytes JMP 7114000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!SetParent 00000000752545cc 3 bytes JMP 7117000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!SetParent + 4 00000000752545d0 2 bytes JMP 7117000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007525460c 6 bytes JMP 70ff000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075254713 6 bytes JMP 711d000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000752547e5 3 bytes JMP 7123000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000752547e9 2 bytes JMP 7123000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075254bbc 6 bytes JMP 7154000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075254d1d 6 bytes JMP 714e000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000752571e0 6 bytes JMP 715a000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000752571fe 6 bytes JMP 7148000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075257d59 6 bytes JMP 7105000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000752581f5 6 bytes JMP 7160000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007525825a 6 bytes JMP 712f000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000752582d2 6 bytes JMP 7135000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075258411 6 bytes JMP 7142000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075258f4c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007525cc1e 3 bytes JMP 7111000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007525cc22 2 bytes JMP 7111000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007526a072 6 bytes JMP 712c000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007526dbf5 6 bytes JMP 7129000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!SendInput 000000007526ff2a 3 bytes JMP 7126000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007526ff2e 2 bytes JMP 7126000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075289fa4 6 bytes JMP 710b000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075291533 6 bytes JMP 70fc000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!mouse_event 00000000752a030f 6 bytes JMP 7166000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!keybd_event 00000000752a0353 6 bytes JMP 7169000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000752a6d94 6 bytes JMP 7138000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000752a6df5 6 bytes JMP 7132000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!BlockInput 00000000752a7e6f 3 bytes JMP 710e000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000752a7e73 2 bytes JMP 710e000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000752a8983 3 bytes JMP 711a000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000752a8987 2 bytes JMP 711a000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075079cbb 6 bytes JMP 7199000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075f79698 6 bytes JMP 7178000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007617bae9 6 bytes JMP 717b000a .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074e31401 2 bytes JMP 7536b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074e31419 2 bytes JMP 7536b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074e31431 2 bytes JMP 753e9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074e3144a 2 bytes CALL 75344885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074e314dd 2 bytes JMP 753e8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074e314f5 2 bytes JMP 753e8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074e3150d 2 bytes JMP 753e8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074e31525 2 bytes JMP 753e8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074e3153d 2 bytes JMP 7535fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074e31555 2 bytes JMP 75366907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074e3156d 2 bytes JMP 753e9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074e31585 2 bytes JMP 753e8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074e3159d 2 bytes JMP 753e88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074e315b5 2 bytes JMP 7535fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074e315cd 2 bytes JMP 7536b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074e316b2 2 bytes JMP 753e90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe[5988] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074e316bd 2 bytes JMP 753e8891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076fb2b60 13 bytes JMP 0000000037110418 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000076fc1870 5 bytes JMP 0000000037110298 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076fcdd20 5 bytes JMP 0000000037110238 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007703f6e0 8 bytes JMP 0000000037110598 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007703f710 5 bytes JMP 00000000371104d8 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\system32\kernel32.dll!MoveFileW 000000007703f7e0 10 bytes JMP 0000000037110358 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007703f8e0 8 bytes JMP 0000000037110538 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007703f910 10 bytes JMP 00000000371103b8 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\system32\kernel32.dll!MoveFileA 000000007703f940 10 bytes JMP 00000000371102f8 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077045730 5 bytes JMP 0000000037110478 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[5172] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000772cf9f0 3 bytes JMP 71af000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 00000000772cf9f4 2 bytes JMP 71af000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000772cfb38 3 bytes JMP 70a1000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 00000000772cfb3c 2 bytes JMP 70a1000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000772cfcc0 3 bytes JMP 70c2000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 00000000772cfcc4 2 bytes JMP 70c2000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000772cfd74 3 bytes JMP 70ad000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 00000000772cfd78 2 bytes JMP 70ad000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000772cfdd8 3 bytes JMP 70b3000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 00000000772cfddc 2 bytes JMP 70b3000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000772cfed0 3 bytes JMP 70aa000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 00000000772cfed4 2 bytes JMP 70aa000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772cff84 3 bytes JMP 70da000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 00000000772cff88 2 bytes JMP 70da000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000772cffb4 3 bytes JMP 70b6000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 00000000772cffb8 2 bytes JMP 70b6000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000772d0014 3 bytes JMP 70ce000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 00000000772d0018 2 bytes JMP 70ce000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000772d0094 3 bytes JMP 70cb000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 00000000772d0098 2 bytes JMP 70cb000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000772d00c4 3 bytes JMP 70b0000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000772d00c8 2 bytes JMP 70b0000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000772d03c8 3 bytes JMP 709b000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000772d03cc 2 bytes JMP 709b000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000772d03e0 3 bytes JMP 70e0000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000772d03e4 2 bytes JMP 70e0000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772d0560 3 bytes JMP 70e3000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 00000000772d0564 2 bytes JMP 70e3000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000772d06a4 3 bytes JMP 70bf000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 00000000772d06a8 2 bytes JMP 70bf000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000772d0704 3 bytes JMP 70d7000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000772d0708 2 bytes JMP 70d7000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772d07ac 3 bytes JMP 70dd000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 00000000772d07b0 2 bytes JMP 70dd000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000772d07f4 3 bytes JMP 70d1000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000772d07f8 2 bytes JMP 70d1000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772d0884 3 bytes JMP 70d4000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 00000000772d0888 2 bytes JMP 70d4000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000772d089c 3 bytes JMP 70a7000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 00000000772d08a0 2 bytes JMP 70a7000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000772d08b4 3 bytes JMP 709e000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000772d08b8 2 bytes JMP 709e000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000772d0e04 3 bytes JMP 70bc000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 00000000772d0e08 2 bytes JMP 70bc000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000772d0ee8 3 bytes JMP 70a4000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 00000000772d0eec 2 bytes JMP 70a4000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000772d1bf4 3 bytes JMP 70b9000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 00000000772d1bf8 2 bytes JMP 70b9000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000772d1cc4 3 bytes JMP 70c8000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 00000000772d1cc8 2 bytes JMP 70c8000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000772d1d9c 3 bytes JMP 70c5000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 00000000772d1da0 2 bytes JMP 70c5000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000772ed2f6 6 bytes JMP 71a8000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075353bbb 3 bytes JMP 719c000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075353bbf 2 bytes JMP 719c000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075359abc 6 bytes JMP 7187000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075363b7a 6 bytes JMP 7164000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007536cd11 6 bytes JMP 718a000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000753bddde 6 bytes JMP 7184000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000753bde81 3 bytes JMP 7167000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW + 4 00000000753bde85 2 bytes JMP 7167000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000074e7f8a7 6 bytes JMP 719f000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000074e82e0b 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075a258b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075a25ea5 6 bytes JMP 715b000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075a27bcc 6 bytes JMP 7196000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075a2b98a 6 bytes JMP 7190000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075a2bd7d 6 bytes JMP 7152000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075a2cf11 6 bytes JMP 7158000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075a2e935 6 bytes JMP 7193000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075a54aa2 6 bytes JMP 7155000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075248332 6 bytes JMP 713d000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075248bff 6 bytes JMP 7131000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000752490d3 6 bytes JMP 70ec000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075249679 6 bytes JMP 712b000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000752497d2 6 bytes JMP 7125000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007524ee21 6 bytes JMP 7143000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007524efe1 3 bytes JMP 70f2000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007524efe5 2 bytes JMP 70f2000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000752512bd 6 bytes JMP 7137000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075252797 6 bytes JMP 710a000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075253ef0 3 bytes JMP 70fe000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000075253ef4 2 bytes JMP 70fe000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!SetParent 00000000752545cc 3 bytes JMP 7101000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!SetParent + 5 00000000752545d1 1 byte [71] .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007525460c 6 bytes JMP 70e9000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075254713 6 bytes JMP 7107000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000752547e5 3 bytes JMP 710d000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000752547e9 2 bytes JMP 710d000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075254bbc 6 bytes JMP 713a000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075254d1d 6 bytes JMP 7134000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000752571e0 6 bytes JMP 7140000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000752571fe 6 bytes JMP 712e000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075257d59 6 bytes JMP 70ef000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000752581f5 6 bytes JMP 7146000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007525825a 6 bytes JMP 7119000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000752582d2 6 bytes JMP 711f000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075258411 6 bytes JMP 7128000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075258f4c 6 bytes JMP 7149000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007525cc1e 3 bytes JMP 70fb000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007525cc22 2 bytes JMP 70fb000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007526a072 6 bytes JMP 7116000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007526dbf5 6 bytes JMP 7113000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!SendInput 000000007526ff2a 3 bytes JMP 7110000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007526ff2e 2 bytes JMP 7110000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075289fa4 6 bytes JMP 70f5000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075291533 6 bytes JMP 70e6000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!mouse_event 00000000752a030f 6 bytes JMP 714c000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!keybd_event 00000000752a0353 6 bytes JMP 714f000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000752a6d94 6 bytes JMP 7122000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000752a6df5 6 bytes JMP 711c000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!BlockInput 00000000752a7e6f 3 bytes JMP 70f8000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000752a7e73 2 bytes JMP 70f8000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000752a8983 3 bytes JMP 7104000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000752a8987 2 bytes JMP 7104000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075079cbb 6 bytes JMP 7199000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075f79698 6 bytes JMP 715e000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 000000007617bae9 6 bytes JMP 7161000a .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074e31401 2 bytes JMP 7536b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074e31419 2 bytes JMP 7536b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074e31431 2 bytes JMP 753e9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074e3144a 2 bytes CALL 75344885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074e314dd 2 bytes JMP 753e8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074e314f5 2 bytes JMP 753e8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074e3150d 2 bytes JMP 753e8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074e31525 2 bytes JMP 753e8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074e3153d 2 bytes JMP 7535fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074e31555 2 bytes JMP 75366907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074e3156d 2 bytes JMP 753e9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074e31585 2 bytes JMP 753e8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074e3159d 2 bytes JMP 753e88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074e315b5 2 bytes JMP 7535fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074e315cd 2 bytes JMP 7536b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074e316b2 2 bytes JMP 753e90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074e316bd 2 bytes JMP 753e8891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\system32\wuauclt.exe[976] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000772cf9f0 3 bytes JMP 71af000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 00000000772cf9f4 2 bytes JMP 71af000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000772cfb38 3 bytes JMP 70c1000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 00000000772cfb3c 2 bytes JMP 70c1000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000772cfcc0 3 bytes JMP 70e2000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 00000000772cfcc4 2 bytes JMP 70e2000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000772cfd74 3 bytes JMP 70cd000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 00000000772cfd78 2 bytes JMP 70cd000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000772cfdd8 3 bytes JMP 70d3000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 00000000772cfddc 2 bytes JMP 70d3000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000772cfed0 3 bytes JMP 70ca000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 00000000772cfed4 2 bytes JMP 70ca000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000772cff84 3 bytes JMP 70fa000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 00000000772cff88 2 bytes JMP 70fa000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000772cffb4 3 bytes JMP 70d6000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 00000000772cffb8 2 bytes JMP 70d6000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000772d0014 3 bytes JMP 70ee000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 00000000772d0018 2 bytes JMP 70ee000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000772d0094 3 bytes JMP 70eb000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 00000000772d0098 2 bytes JMP 70eb000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000772d00c4 3 bytes JMP 70d0000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000772d00c8 2 bytes JMP 70d0000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000772d03c8 3 bytes JMP 70bb000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 00000000772d03cc 2 bytes JMP 70bb000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000772d03e0 3 bytes JMP 7100000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 00000000772d03e4 2 bytes JMP 7100000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772d0560 3 bytes JMP 7103000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 00000000772d0564 2 bytes JMP 7103000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000772d06a4 3 bytes JMP 70df000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 00000000772d06a8 2 bytes JMP 70df000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000772d0704 3 bytes JMP 70f7000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 00000000772d0708 2 bytes JMP 70f7000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000772d07ac 3 bytes JMP 70fd000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 00000000772d07b0 2 bytes JMP 70fd000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000772d07f4 3 bytes JMP 70f1000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 00000000772d07f8 2 bytes JMP 70f1000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000772d0884 3 bytes JMP 70f4000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 00000000772d0888 2 bytes JMP 70f4000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000772d089c 3 bytes JMP 70c7000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 00000000772d08a0 2 bytes JMP 70c7000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000772d08b4 3 bytes JMP 70be000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 00000000772d08b8 2 bytes JMP 70be000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000772d0e04 3 bytes JMP 70dc000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 00000000772d0e08 2 bytes JMP 70dc000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000772d0ee8 3 bytes JMP 70c4000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 00000000772d0eec 2 bytes JMP 70c4000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000772d1bf4 3 bytes JMP 70d9000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 00000000772d1bf8 2 bytes JMP 70d9000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000772d1cc4 3 bytes JMP 70e8000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 00000000772d1cc8 2 bytes JMP 70e8000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000772d1d9c 3 bytes JMP 70e5000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 00000000772d1da0 2 bytes JMP 70e5000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000772ed2f6 6 bytes JMP 71a8000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075353bbb 3 bytes JMP 719c000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075353bbf 2 bytes JMP 719c000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075359abc 6 bytes JMP 7187000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075363b7a 6 bytes JMP 717e000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007536cd11 6 bytes JMP 718a000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000753bddde 6 bytes JMP 7184000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000753bde81 3 bytes JMP 7181000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW + 4 00000000753bde85 2 bytes JMP 7181000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000074e7f8a7 6 bytes JMP 719f000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000074e82e0b 4 bytes CALL 71ac0000 .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075248332 6 bytes JMP 715d000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075248bff 6 bytes JMP 7151000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000752490d3 6 bytes JMP 710c000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075249679 6 bytes JMP 714b000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000752497d2 6 bytes JMP 7145000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007524ee21 6 bytes JMP 7163000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007524efe1 3 bytes JMP 7112000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007524efe5 2 bytes JMP 7112000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000752512bd 6 bytes JMP 7157000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075252797 6 bytes JMP 712a000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075253ef0 3 bytes JMP 711e000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 0000000075253ef4 2 bytes JMP 711e000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!SetParent 00000000752545cc 3 bytes JMP 7121000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!SetParent + 4 00000000752545d0 2 bytes JMP 7121000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!EnableWindow 000000007525460c 6 bytes JMP 7109000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075254713 6 bytes JMP 7127000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000752547e5 3 bytes JMP 712d000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000752547e9 2 bytes JMP 712d000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075254bbc 6 bytes JMP 715a000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075254d1d 6 bytes JMP 7154000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000752571e0 6 bytes JMP 7160000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000752571fe 6 bytes JMP 714e000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075257d59 6 bytes JMP 710f000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000752581f5 6 bytes JMP 7166000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 000000007525825a 6 bytes JMP 7139000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000752582d2 6 bytes JMP 713f000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075258411 6 bytes JMP 7148000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075258f4c 6 bytes JMP 7169000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007525cc1e 3 bytes JMP 711b000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007525cc22 2 bytes JMP 711b000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007526a072 6 bytes JMP 7136000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007526dbf5 6 bytes JMP 7133000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!SendInput 000000007526ff2a 3 bytes JMP 7130000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007526ff2e 2 bytes JMP 7130000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075289fa4 6 bytes JMP 7115000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075291533 6 bytes JMP 7106000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!mouse_event 00000000752a030f 6 bytes JMP 716c000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!keybd_event 00000000752a0353 6 bytes JMP 716f000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000752a6d94 6 bytes JMP 7142000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000752a6df5 6 bytes JMP 713c000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!BlockInput 00000000752a7e6f 3 bytes JMP 7118000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000752a7e73 2 bytes JMP 7118000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000752a8983 3 bytes JMP 7124000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000752a8987 2 bytes JMP 7124000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075a258b3 6 bytes JMP 718d000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075a25ea5 6 bytes JMP 717b000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075a27bcc 6 bytes JMP 7196000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075a2b98a 6 bytes JMP 7190000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075a2bd7d 6 bytes JMP 7172000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075a2cf11 6 bytes JMP 7178000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075a2e935 6 bytes JMP 7193000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075a54aa2 6 bytes JMP 7175000a .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074e31401 2 bytes JMP 7536b233 C:\Windows\syswow64\kernel32.dll .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074e31419 2 bytes JMP 7536b35e C:\Windows\syswow64\kernel32.dll .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074e31431 2 bytes JMP 753e9149 C:\Windows\syswow64\kernel32.dll .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074e3144a 2 bytes CALL 75344885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074e314dd 2 bytes JMP 753e8a42 C:\Windows\syswow64\kernel32.dll .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074e314f5 2 bytes JMP 753e8c18 C:\Windows\syswow64\kernel32.dll .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074e3150d 2 bytes JMP 753e8938 C:\Windows\syswow64\kernel32.dll .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074e31525 2 bytes JMP 753e8d02 C:\Windows\syswow64\kernel32.dll .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074e3153d 2 bytes JMP 7535fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074e31555 2 bytes JMP 75366907 C:\Windows\syswow64\kernel32.dll .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074e3156d 2 bytes JMP 753e9201 C:\Windows\syswow64\kernel32.dll .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074e31585 2 bytes JMP 753e8d62 C:\Windows\syswow64\kernel32.dll .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074e3159d 2 bytes JMP 753e88fc C:\Windows\syswow64\kernel32.dll .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074e315b5 2 bytes JMP 7535fd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074e315cd 2 bytes JMP 7536b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074e316b2 2 bytes JMP 753e90c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\TOMEK\Desktop\3f3dkhuz.exe[6952] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074e316bd 2 bytes JMP 753e8891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000770f2280 5 bytes JMP 00000000371101d8 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007711be20 8 bytes JMP 0000000037110178 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007711bef0 8 bytes JMP 0000000037111d98 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007711bff0 8 bytes JMP 0000000037111978 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 000000007711c060 8 bytes JMP 0000000037111c18 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007711c0a0 8 bytes JMP 0000000037111b58 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007711c140 8 bytes JMP 0000000037111c78 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007711c1b0 8 bytes JMP 0000000037111678 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007711c1d0 8 bytes JMP 0000000037111af8 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007711c210 8 bytes JMP 00000000371117f8 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007711c260 8 bytes JMP 0000000037111858 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007711c280 8 bytes JMP 0000000037111bb8 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007711c470 8 bytes JMP 0000000037111e58 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007711c480 8 bytes JMP 00000000371115b8 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007711c580 8 bytes JMP 0000000037111558 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007711c650 8 bytes JMP 00000000371119d8 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000000007711c690 8 bytes JMP 00000000371116d8 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007711c700 8 bytes JMP 0000000037111618 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007711c730 8 bytes JMP 0000000037111798 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000000007711c790 8 bytes JMP 0000000037111738 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007711c7a0 8 bytes JMP 0000000037111cd8 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007711c7b0 8 bytes JMP 0000000037111df8 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007711cb20 8 bytes JMP 0000000037111a38 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 000000007711cbb0 8 bytes JMP 0000000037111d38 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007711d420 8 bytes JMP 0000000037111a98 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000000007711d4a0 8 bytes JMP 00000000371118b8 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007711d520 8 bytes JMP 0000000037111918 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd143a50 7 bytes JMP 000007febcc40238 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW 000007fefd16ff00 5 bytes JMP 000007febcc40298 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe0d6d10 11 bytes JMP 000007febcc402f8 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefeaf22e0 5 bytes JMP 000007febcc40538 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\system32\GDI32.dll!BitBlt 000007fefeaf2390 5 bytes JMP 000007febcc40598 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefeaf3e20 5 bytes JMP 000007febcc404d8 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefeaf7574 5 bytes JMP 000007febcc405f8 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefeaf81f4 9 bytes JMP 000007febcc403b8 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefeaf8824 9 bytes JMP 000007febcc40358 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\system32\GDI32.dll!GetPixel 000007fefeaf8d7c 5 bytes JMP 000007febcc40418 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefeafbab4 5 bytes JMP 000007febcc406b8 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefeafc7b0 5 bytes JMP 000007febcc40658 .text C:\Windows\servicing\TrustedInstaller.exe[6960] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefeb052c0 5 bytes JMP 000007febcc40478 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{3CFA1C1D-82B6-4260-AB34-E7E32D9C685D}\Connection@Name isatap.{3A980C4A-9DE7-41C0-9BC1-719ACD2CFE54} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{52612574-ADC5-4FEB-A26B-4D87BD8C7458}?\Device\{3CFA1C1D-82B6-4260-AB34-E7E32D9C685D}?\Device\{67D40176-97F0-4462-A684-F7C7F6281063}?\Device\{92A19CCE-922A-4D84-AB02-BF7D6BBBD56D}?\Device\{78CAC16B-82D9-4692-B4CA-02F83450376C}?\Device\{0B2866CA-F846-4DCD-A254-61A6588D9146}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{52612574-ADC5-4FEB-A26B-4D87BD8C7458}"?"{3CFA1C1D-82B6-4260-AB34-E7E32D9C685D}"?"{67D40176-97F0-4462-A684-F7C7F6281063}"?"{92A19CCE-922A-4D84-AB02-BF7D6BBBD56D}"?"{78CAC16B-82D9-4692-B4CA-02F83450376C}"?"{0B2866CA-F846-4DCD-A254-61A6588D9146}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{52612574-ADC5-4FEB-A26B-4D87BD8C7458}?\Device\TCPIP6TUNNEL_{3CFA1C1D-82B6-4260-AB34-E7E32D9C685D}?\Device\TCPIP6TUNNEL_{67D40176-97F0-4462-A684-F7C7F6281063}?\Device\TCPIP6TUNNEL_{92A19CCE-922A-4D84-AB02-BF7D6BBBD56D}?\Device\TCPIP6TUNNEL_{78CAC16B-82D9-4692-B4CA-02F83450376C}?\Device\TCPIP6TUNNEL_{0B2866CA-F846-4DCD-A254-61A6588D9146}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2d9f69f Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2d9f69f@001167f8e0f7 0xAB 0xB0 0xD1 0xE9 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2d9f69f@3c363dc7553e 0x04 0x10 0xEF 0x70 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings Reg HKLM\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{3CFA1C1D-82B6-4260-AB34-E7E32D9C685D}@InterfaceName isatap.{3A980C4A-9DE7-41C0-9BC1-719ACD2CFE54} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{3CFA1C1D-82B6-4260-AB34-E7E32D9C685D}@ReusableType 0 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe2d9f69f (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe2d9f69f@001167f8e0f7 0xAB 0xB0 0xD1 0xE9 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe2d9f69f@3c363dc7553e 0x04 0x10 0xEF 0x70 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\CmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\CmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\CmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\Software\COMODO\Cam@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... ---- Files - GMER 2.2 ---- File C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb 0 bytes File C:\Windows\System32\default_error_stack-000312-000000.txt 4240 bytes File C:\Windows\System32\default_error_stack-000313-000000.txt 4240 bytes ---- EOF - GMER 2.2 ----