GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-05-16 19:54:42 Windows 6.2.9200 \Device\Harddisk0\DR0 -> \Device\0000002a ST9500420AS rev.0002SDM1 465,76GB Running: d816ibi6.exe; Driver: C:\Users\KONRA_~1\AppData\Local\Temp\pxldrpoc.sys ---- Kernel code sections - GMER 2.2 ---- .text ntoskrnl.exe!ExfUnblockPushLock + 1549 817A364D 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 602 817A7DD2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} init C:\WINDOWS\system32\DRIVERS\i8042HDR.sys entry point in "init" section [0x94FC0C00] ---- User code sections - GMER 2.2 ---- .text C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe[336] KERNEL32.DLL!UnhandledExceptionFilter 75622D40 5 Bytes JMP 012705A8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!RtlQueryPerformanceCounter 770C4990 5 Bytes JMP 7FE200C2 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!RtlEqualSid 770CED80 5 Bytes JMP 7FE209A8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!RtlCreateProcessParametersEx 770FED70 5 Bytes JMP 7FE2016C .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!RtlReportException 77103470 5 Bytes JMP 7FE20612 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!RtlExitUserProcess 771036F0 5 Bytes JMP 7FE201D2 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtWriteVirtualMemory 77131090 5 Bytes JMP 7FE203AE .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtUnmapViewOfSection 77131290 5 Bytes JMP 7FE2003A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtTerminateProcess 77131460 5 Bytes JMP 7FE20634 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtSystemDebugControl 771314A0 5 Bytes JMP 7FE20A0E .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtSuspendThread 771314C0 5 Bytes JMP 7FE20458 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtSuspendProcess 771314E0 5 Bytes JMP 7FE2047A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtSetValueKey 77131620 5 Bytes JMP 7FE201B0 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtSetSystemInformation 77131720 5 Bytes JMP 7FE20744 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtSetSecurityObject 77131780 5 Bytes JMP 7FE20832 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtSetInformationProcess 771319A0 5 Bytes JMP 7FE20656 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtSetContextThread 77131BC0 5 Bytes JMP 7FE203D0 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtRaiseHardError 77132180 5 Bytes JMP 7FE205F0 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtQueueApcThread 771321E0 5 Bytes JMP 7FE20414 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtQueryInformationToken 77132630 5 Bytes JMP 7FE20986 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtOpenSection 77132BB0 5 Bytes JMP 7FE209CA .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtOpenProcessToken 77132C30 5 Bytes JMP 7FE20964 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtOpenProcess 77132C50 5 Bytes JMP 7FE203F2 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtOpenEvent 77132DF0 5 Bytes JMP 7FE20898 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtMapViewOfSection 77132F30 5 Bytes JMP 7FE20018 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtLoadDriver 771330F0 5 Bytes JMP 7FE20722 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtDuplicateObject 771336D0 5 Bytes JMP 7FE20436 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtCreateThreadEx 77133A80 5 Bytes JMP 7FE20304 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtCreateThread 77133AA0 5 Bytes JMP 7FE20326 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtCreateSection 77133B00 5 Bytes JMP 7FE209EC .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtCreateProcessEx 77133B80 5 Bytes JMP 7FE2036A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtCreateProcess 77133BA0 5 Bytes JMP 7FE20348 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtCreateMutant 77133C40 5 Bytes JMP 7FE208BA .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtCreateFile 77133D80 5 Bytes JMP 7FE20128 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtClose 77133FE0 5 Bytes JMP 7FE20700 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!NtAdjustPrivilegesToken 77134540 5 Bytes JMP 7FE20810 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] ntdll.dll!RtlCreateProcessParameters 7716DFB0 5 Bytes JMP 7FE2014A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] KERNEL32.DLL!GetStartupInfoA 75607A80 5 Bytes JMP 7FE200E4 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] KERNEL32.DLL!Process32NextW 756083B0 5 Bytes JMP 7FE206DE .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] KERNEL32.DLL!MoveFileWithProgressA 7560BF30 5 Bytes JMP 7FE207CC .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] KERNEL32.DLL!CreateToolhelp32Snapshot 7560E270 5 Bytes JMP 7FE2025A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] KERNEL32.DLL!MoveFileExA 75642610 5 Bytes JMP 7FE20788 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] KERNEL32.DLL!WinExec 756453B0 5 Bytes JMP 7FE2029E .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] msvcrt.dll!_wfindnexti64 + 110 75B956A0 5 Bytes JMP 7FE20A30 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] msvcrt.dll!__p__environ 75B95920 5 Bytes JMP 7FE20AFC .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] msvcrt.dll!__p__fmode 75B95940 5 Bytes JMP 7FE20B1E .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] USER32.dll!PeekMessageA 756A9CE0 5 Bytes JMP 7FE20E92 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] USER32.dll!PeekMessageW 756A9E40 5 Bytes JMP 7FE20EB4 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] USER32.dll!GetWindowLongA 756B0440 5 Bytes JMP 7FE210D4 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] USER32.dll!GetWindowLongW 756B05C0 5 Bytes JMP 7FE210F6 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] USER32.dll!SetWindowTextW 756B3E80 5 Bytes JMP 7FE2102A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] USER32.dll!SetWindowLongW 756B3F90 5 Bytes JMP 7FE2113A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] USER32.dll!SetWindowLongA 756B4190 5 Bytes JMP 7FE21118 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] USER32.dll!UserClientDllInitialize 756B47D0 5 Bytes JMP 7FE20A52 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] USER32.dll!CallNextHookEx 756B8630 5 Bytes JMP 7FE20ED6 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] USER32.dll!CreateWindowExA 756BA0A0 5 Bytes JMP 7FE20F3C .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] USER32.dll!FindWindowExA 756BA0F0 5 Bytes JMP 7FE2106E .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] USER32.dll!CreateWindowExW 756BB8D0 5 Bytes JMP 7FE20F1A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] USER32.dll!CreateDialogIndirectParamAorW 756C17D0 5 Bytes JMP 7FE20F80 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] USER32.dll!DialogBoxIndirectParamAorW 756C39C0 5 Bytes JMP 7FE20FA2 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] USER32.dll!FindWindowExW 756C4230 5 Bytes JMP 7FE210B2 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] USER32.dll!GetMessageW 756C84E0 5 Bytes JMP 7FE20E70 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] USER32.dll!GetMessageA 756C90A0 5 Bytes JMP 7FE20E4E .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] USER32.dll!FindWindowW 756C9ED0 5 Bytes JMP 7FE21090 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] USER32.dll!SetWindowsHookExW 756CA360 5 Bytes JMP 7FE20E0A .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] USER32.dll!SetWinEventHook 756CA5C0 5 Bytes JMP 7FE20E2C .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] USER32.dll!SendNotifyMessageW 756CAA20 5 Bytes JMP 7FE2117E .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] USER32.dll!SetWindowTextA 756CBEC0 5 Bytes JMP 7FE21008 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] USER32.dll!FindWindowA 756CE230 5 Bytes JMP 7FE2104C .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] USER32.dll!SendNotifyMessageA 756D5850 5 Bytes JMP 7FE2115C .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] USER32.dll!SetWindowsHookExA 756D5EB0 5 Bytes JMP 7FE20DE8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] USER32.dll!ShowWindow 756D9420 5 Bytes JMP 7FE20F5E .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] USER32.dll!UnhookWindowsHookEx 756D94E0 5 Bytes JMP 7FE20EF8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] USER32.dll!MessageBoxExA 7571E7F0 5 Bytes JMP 7FE20FC4 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] USER32.dll!MessageBoxExW 7571E820 5 Bytes JMP 7FE20FE6 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] GDI32.dll!Gdi32DllInitialize 74E762D0 5 Bytes JMP 7FE20A74 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] GDI32.dll!ClearBrushAttributes 74E798E0 5 Bytes JMP 7FE211C2 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] GDI32.dll!NamedEscape 74E7C2E0 5 Bytes JMP 7FE211E4 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] GDI32.dll!SetBrushAttributes 74E7E5E0 5 Bytes JMP 7FE211A0 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] SHELL32.dll!Shell_NotifyIconW 75E27300 5 Bytes JMP 7FE21206 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] SHELL32.dll!SetCurrentProcessExplicitAppUserModelID + 1910 75E780B0 5 Bytes JMP 7FE20A96 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] advapi32.dll!LsaLookupPrivilegeValue + 70 74F4E990 5 Bytes JMP 7FE20AB8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] advapi32.dll!CryptAcquireContextW 74F4F550 5 Bytes JMP 7FE20CD8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] advapi32.dll!CryptGetHashParam 74F4F750 5 Bytes JMP 7FE20D82 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] advapi32.dll!CryptCreateHash 74F4F8C0 5 Bytes JMP 7FE20D3E .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] advapi32.dll!CryptHashData 74F4F990 5 Bytes JMP 7FE20DA4 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] advapi32.dll!CryptImportKey 74F4FC00 5 Bytes JMP 7FE20DC6 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] advapi32.dll!CryptExportKey 74F4FDC0 5 Bytes JMP 7FE20D60 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] advapi32.dll!CryptAcquireContextA 74F50890 5 Bytes JMP 7FE20CB6 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] advapi32.dll!CryptGenKey 74F53BF0 5 Bytes JMP 7FE20CFA .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] advapi32.dll!CreateServiceA 74F62E40 5 Bytes JMP 7FE20C72 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] advapi32.dll!CreateServiceW 74F62E60 5 Bytes JMP 7FE20C94 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[624] advapi32.dll!CryptEncrypt 74F633C0 5 Bytes JMP 7FE20D1C .text C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe[1584] KERNEL32.DLL!UnhandledExceptionFilter 75622D40 5 Bytes JMP 022005A8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!RtlQueryPerformanceCounter 770C4990 5 Bytes JMP 7FE200C2 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!RtlEqualSid 770CED80 5 Bytes JMP 7FE209A8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!RtlCreateProcessParametersEx 770FED70 5 Bytes JMP 7FE2016C .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!RtlReportException 77103470 5 Bytes JMP 7FE20612 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!RtlExitUserProcess 771036F0 5 Bytes JMP 7FE201D2 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtWriteVirtualMemory 77131090 5 Bytes JMP 7FE203AE .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtUnmapViewOfSection 77131290 5 Bytes JMP 7FE2003A .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtTerminateProcess 77131460 5 Bytes JMP 7FE20634 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtSystemDebugControl 771314A0 5 Bytes JMP 7FE20A0E .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtSuspendThread 771314C0 5 Bytes JMP 7FE20458 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtSuspendProcess 771314E0 5 Bytes JMP 7FE2047A .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtSetValueKey 77131620 5 Bytes JMP 7FE201B0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtSetSystemInformation 77131720 5 Bytes JMP 7FE20744 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtSetSecurityObject 77131780 5 Bytes JMP 7FE20832 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtSetInformationProcess 771319A0 5 Bytes JMP 7FE20656 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtSetContextThread 77131BC0 5 Bytes JMP 7FE203D0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtRaiseHardError 77132180 5 Bytes JMP 7FE205F0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtQueueApcThread 771321E0 5 Bytes JMP 7FE20414 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtQueryInformationToken 77132630 5 Bytes JMP 7FE20986 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtOpenSection 77132BB0 5 Bytes JMP 7FE209CA .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtOpenProcessToken 77132C30 5 Bytes JMP 7FE20964 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtOpenProcess 77132C50 5 Bytes JMP 7FE203F2 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtOpenEvent 77132DF0 5 Bytes JMP 7FE20898 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtMapViewOfSection 77132F30 5 Bytes JMP 7FE20018 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtLoadDriver 771330F0 5 Bytes JMP 7FE20722 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtDuplicateObject 771336D0 5 Bytes JMP 7FE20436 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtCreateThreadEx 77133A80 5 Bytes JMP 7FE20304 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtCreateThread 77133AA0 5 Bytes JMP 7FE20326 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtCreateSection 77133B00 5 Bytes JMP 7FE209EC .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtCreateProcessEx 77133B80 5 Bytes JMP 7FE2036A .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtCreateProcess 77133BA0 5 Bytes JMP 7FE20348 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtCreateMutant 77133C40 5 Bytes JMP 7FE208BA .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtCreateFile 77133D80 5 Bytes JMP 7FE20128 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtClose 77133FE0 5 Bytes JMP 7FE20700 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!NtAdjustPrivilegesToken 77134540 5 Bytes JMP 7FE20810 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ntdll.dll!RtlCreateProcessParameters 7716DFB0 5 Bytes JMP 7FE2014A .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] KERNEL32.DLL!GetStartupInfoA 75607A80 5 Bytes JMP 7FE200E4 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] KERNEL32.DLL!Process32NextW 756083B0 5 Bytes JMP 7FE206DE .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] KERNEL32.DLL!MoveFileWithProgressA 7560BF30 5 Bytes JMP 7FE207CC .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] KERNEL32.DLL!CreateToolhelp32Snapshot 7560E270 5 Bytes JMP 7FE2025A .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] KERNEL32.DLL!MoveFileExA 75642610 5 Bytes JMP 7FE20788 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] KERNEL32.DLL!WinExec 756453B0 5 Bytes JMP 7FE2029E .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] USER32.dll!PeekMessageA 756A9CE0 5 Bytes JMP 7FE20F3C .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] USER32.dll!PeekMessageW 756A9E40 5 Bytes JMP 7FE20F5E .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] USER32.dll!GetWindowLongA 756B0440 5 Bytes JMP 7FE2117E .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] USER32.dll!GetWindowLongW 756B05C0 5 Bytes JMP 7FE211A0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] USER32.dll!SetWindowTextW 756B3E80 5 Bytes JMP 7FE210D4 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] USER32.dll!SetWindowLongW 756B3F90 5 Bytes JMP 7FE211E4 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] USER32.dll!SetWindowLongA 756B4190 5 Bytes JMP 7FE211C2 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] USER32.dll!UserClientDllInitialize 756B47D0 5 Bytes JMP 7FE20A30 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] USER32.dll!CallNextHookEx 756B8630 5 Bytes JMP 7FE20F80 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] USER32.dll!CreateWindowExA 756BA0A0 5 Bytes JMP 7FE20FE6 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] USER32.dll!FindWindowExA 756BA0F0 5 Bytes JMP 7FE21118 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] USER32.dll!CreateWindowExW 756BB8D0 5 Bytes JMP 7FE20FC4 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] USER32.dll!CreateDialogIndirectParamAorW 756C17D0 5 Bytes JMP 7FE2102A .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] USER32.dll!DialogBoxIndirectParamAorW 756C39C0 5 Bytes JMP 7FE2104C .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] USER32.dll!FindWindowExW 756C4230 5 Bytes JMP 7FE2115C .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] USER32.dll!GetMessageW 756C84E0 5 Bytes JMP 7FE20F1A .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] USER32.dll!GetMessageA 756C90A0 5 Bytes JMP 7FE20EF8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] USER32.dll!FindWindowW 756C9ED0 5 Bytes JMP 7FE2113A .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] USER32.dll!SetWindowsHookExW 756CA360 5 Bytes JMP 7FE20EB4 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] USER32.dll!SetWinEventHook 756CA5C0 5 Bytes JMP 7FE20ED6 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] USER32.dll!SendNotifyMessageW 756CAA20 5 Bytes JMP 7FE21228 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] USER32.dll!SetWindowTextA 756CBEC0 5 Bytes JMP 7FE210B2 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] USER32.dll!FindWindowA 756CE230 5 Bytes JMP 7FE210F6 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] USER32.dll!SendNotifyMessageA 756D5850 5 Bytes JMP 7FE21206 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] USER32.dll!SetWindowsHookExA 756D5EB0 5 Bytes JMP 7FE20E92 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] USER32.dll!ShowWindow 756D9420 5 Bytes JMP 7FE21008 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] USER32.dll!UnhookWindowsHookEx 756D94E0 5 Bytes JMP 7FE20FA2 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] USER32.dll!MessageBoxExA 7571E7F0 5 Bytes JMP 7FE2106E .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] USER32.dll!MessageBoxExW 7571E820 5 Bytes JMP 7FE21090 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] GDI32.dll!Gdi32DllInitialize 74E762D0 5 Bytes JMP 7FE20A52 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] GDI32.dll!ClearBrushAttributes 74E798E0 5 Bytes JMP 7FE20E4E .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] GDI32.dll!NamedEscape 74E7C2E0 5 Bytes JMP 7FE20E70 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] GDI32.dll!SetBrushAttributes 74E7E5E0 5 Bytes JMP 7FE20E2C .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ADVAPI32.dll!LsaLookupPrivilegeValue + 70 74F4E990 5 Bytes JMP 7FE20A74 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ADVAPI32.dll!CryptAcquireContextW 74F4F550 5 Bytes JMP 7FE212B0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ADVAPI32.dll!CryptGetHashParam 74F4F750 5 Bytes JMP 7FE2135A .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ADVAPI32.dll!CryptCreateHash 74F4F8C0 5 Bytes JMP 7FE21316 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ADVAPI32.dll!CryptHashData 74F4F990 5 Bytes JMP 7FE2137C .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ADVAPI32.dll!CryptImportKey 74F4FC00 5 Bytes JMP 7FE2139E .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ADVAPI32.dll!CryptExportKey 74F4FDC0 5 Bytes JMP 7FE21338 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ADVAPI32.dll!CryptAcquireContextA 74F50890 5 Bytes JMP 7FE2128E .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ADVAPI32.dll!CryptGenKey 74F53BF0 5 Bytes JMP 7FE212D2 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ADVAPI32.dll!CreateServiceA 74F62E40 5 Bytes JMP 7FE2124A .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ADVAPI32.dll!CreateServiceW 74F62E60 5 Bytes JMP 7FE2126C .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] ADVAPI32.dll!CryptEncrypt 74F633C0 5 Bytes JMP 7FE212F4 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] msvcrt.dll!_wfindnexti64 + 110 75B956A0 5 Bytes JMP 7FE20A96 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] msvcrt.dll!__p__environ 75B95920 5 Bytes JMP 7FE20B1E .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] msvcrt.dll!__p__fmode 75B95940 5 Bytes JMP 7FE20B40 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] SHELL32.dll!Shell_NotifyIconW 75E27300 5 Bytes JMP 7FE213C0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] SHELL32.dll!SetCurrentProcessExplicitAppUserModelID + 1910 75E780B0 5 Bytes JMP 7FE20ADA .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] WS2_32.dll!connect 74C34CF0 5 Bytes JMP 7FE20CD8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] WS2_32.dll!send 74C34F50 5 Bytes JMP 7FE20C94 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] WS2_32.dll!GetAddrInfoW 74C3AF10 5 Bytes JMP 7FE20CFA .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] WS2_32.dll!recv 74C42000 5 Bytes JMP 7FE20DE8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] WS2_32.dll!closesocket 74C42980 5 Bytes JMP 7FE20D82 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] WS2_32.dll!WSASend 74C43360 5 Bytes JMP 7FE20CB6 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] WS2_32.dll!WSARecv 74C436A0 5 Bytes JMP 7FE20E0A .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] WS2_32.dll!WSASocketW 74C43BC0 5 Bytes JMP 7FE20D60 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] WS2_32.dll!GetAddrInfoExW 74C44A90 5 Bytes JMP 7FE20D1C .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] WS2_32.dll!GetAddrInfoExW + 6D50 74C4B7E0 5 Bytes JMP 7FE20AFC .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] WS2_32.dll!socket 74C4C850 5 Bytes JMP 7FE20DA4 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] WS2_32.dll!gethostbyname 74C62A10 5 Bytes JMP 7FE20D3E .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[1700] WS2_32.dll!WSAConnect 74C69EC0 5 Bytes JMP 7FE20DC6 .text C:\Program Files\Bitdefender\Bitdefender 2017\seccenter.exe[1760] KERNEL32.DLL!UnhandledExceptionFilter 75622D40 5 Bytes JMP 02C005A8 .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[2976] KERNEL32.DLL!UnhandledExceptionFilter 75622D40 5 Bytes JMP 014405A8 .text C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe[2988] KERNEL32.DLL!UnhandledExceptionFilter 75622D40 5 Bytes JMP 011C05A8 .text C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe[2996] KERNEL32.DLL!UnhandledExceptionFilter 75622D40 5 Bytes JMP 017F05A8 .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!RtlQueryPerformanceCounter 770C4990 5 Bytes JMP 7F3800C2 .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!RtlEqualSid 770CED80 5 Bytes JMP 7F3809A8 .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!RtlCreateProcessParametersEx 770FED70 5 Bytes JMP 7F38016C .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!RtlReportException 77103470 5 Bytes JMP 7F380612 .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!RtlExitUserProcess 771036F0 5 Bytes JMP 7F3801D2 .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtWriteVirtualMemory 77131090 5 Bytes JMP 7F3803AE .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtUnmapViewOfSection 77131290 5 Bytes JMP 7F38003A .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtTerminateProcess 77131460 5 Bytes JMP 7F380634 .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtSystemDebugControl 771314A0 5 Bytes JMP 7F380A0E .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtSuspendThread 771314C0 5 Bytes JMP 7F380458 .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtSuspendProcess 771314E0 5 Bytes JMP 7F38047A .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtSetValueKey 77131620 5 Bytes JMP 7F3801B0 .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtSetSystemInformation 77131720 5 Bytes JMP 7F380744 .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtSetSecurityObject 77131780 5 Bytes JMP 7F380832 .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtSetInformationProcess 771319A0 5 Bytes JMP 7F380656 .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtSetContextThread 77131BC0 5 Bytes JMP 7F3803D0 .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtRaiseHardError 77132180 5 Bytes JMP 7F3805F0 .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtQueueApcThread 771321E0 5 Bytes JMP 7F380414 .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtQueryInformationToken 77132630 5 Bytes JMP 7F380986 .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtOpenSection 77132BB0 5 Bytes JMP 7F3809CA .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtOpenProcessToken 77132C30 5 Bytes JMP 7F380964 .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtOpenProcess 77132C50 5 Bytes JMP 7F3803F2 .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtOpenEvent 77132DF0 5 Bytes JMP 7F380898 .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtMapViewOfSection 77132F30 5 Bytes JMP 7F380018 .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtLoadDriver 771330F0 5 Bytes JMP 7F380722 .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtDuplicateObject 771336D0 5 Bytes JMP 7F380436 .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtCreateThreadEx 77133A80 5 Bytes JMP 7F380304 .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtCreateThread 77133AA0 5 Bytes JMP 7F380326 .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtCreateSection 77133B00 5 Bytes JMP 7F3809EC .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtCreateProcessEx 77133B80 5 Bytes JMP 7F38036A .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtCreateProcess 77133BA0 5 Bytes JMP 7F380348 .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtCreateMutant 77133C40 5 Bytes JMP 7F3808BA .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtCreateFile 77133D80 5 Bytes JMP 7F380128 .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtClose 77133FE0 5 Bytes JMP 7F380700 .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!NtAdjustPrivilegesToken 77134540 5 Bytes JMP 7F380810 .text C:\WINDOWS\system32\DllHost.exe[3444] ntdll.dll!RtlCreateProcessParameters 7716DFB0 5 Bytes JMP 7F38014A .text C:\WINDOWS\system32\DllHost.exe[3444] KERNEL32.DLL!GetStartupInfoA 75607A80 5 Bytes JMP 7F3800E4 .text C:\WINDOWS\system32\DllHost.exe[3444] KERNEL32.DLL!Process32NextW 756083B0 5 Bytes JMP 7F3806DE .text C:\WINDOWS\system32\DllHost.exe[3444] KERNEL32.DLL!MoveFileWithProgressA 7560BF30 5 Bytes JMP 7F3807CC .text C:\WINDOWS\system32\DllHost.exe[3444] KERNEL32.DLL!CreateToolhelp32Snapshot 7560E270 5 Bytes JMP 7F38025A .text C:\WINDOWS\system32\DllHost.exe[3444] KERNEL32.DLL!MoveFileExA 75642610 5 Bytes JMP 7F380788 .text C:\WINDOWS\system32\DllHost.exe[3444] KERNEL32.DLL!WinExec 756453B0 5 Bytes JMP 7F38029E .text C:\WINDOWS\system32\DllHost.exe[3444] msvcrt.dll!_wfindnexti64 + 110 75B956A0 5 Bytes JMP 7F380A30 .text C:\WINDOWS\system32\DllHost.exe[3444] msvcrt.dll!__p__environ 75B95920 5 Bytes JMP 7F380A52 .text C:\WINDOWS\system32\DllHost.exe[3444] msvcrt.dll!__p__fmode 75B95940 5 Bytes JMP 7F380A74 .text C:\WINDOWS\system32\DllHost.exe[3444] user32.dll!PeekMessageA 756A9CE0 5 Bytes JMP 7F380D3E .text C:\WINDOWS\system32\DllHost.exe[3444] user32.dll!PeekMessageW 756A9E40 5 Bytes JMP 7F380D60 .text C:\WINDOWS\system32\DllHost.exe[3444] user32.dll!GetWindowLongA 756B0440 5 Bytes JMP 7F380F80 .text C:\WINDOWS\system32\DllHost.exe[3444] user32.dll!GetWindowLongW 756B05C0 5 Bytes JMP 7F380FA2 .text C:\WINDOWS\system32\DllHost.exe[3444] user32.dll!SetWindowTextW 756B3E80 5 Bytes JMP 7F380ED6 .text C:\WINDOWS\system32\DllHost.exe[3444] user32.dll!SetWindowLongW 756B3F90 5 Bytes JMP 7F380FE6 .text C:\WINDOWS\system32\DllHost.exe[3444] user32.dll!SetWindowLongA 756B4190 5 Bytes JMP 7F380FC4 .text C:\WINDOWS\system32\DllHost.exe[3444] user32.dll!UserClientDllInitialize 756B47D0 5 Bytes JMP 7F380BEA .text C:\WINDOWS\system32\DllHost.exe[3444] user32.dll!CallNextHookEx 756B8630 5 Bytes JMP 7F380D82 .text C:\WINDOWS\system32\DllHost.exe[3444] user32.dll!CreateWindowExA 756BA0A0 5 Bytes JMP 7F380DE8 .text C:\WINDOWS\system32\DllHost.exe[3444] user32.dll!FindWindowExA 756BA0F0 5 Bytes JMP 7F380F1A .text C:\WINDOWS\system32\DllHost.exe[3444] user32.dll!CreateWindowExW 756BB8D0 5 Bytes JMP 7F380DC6 .text C:\WINDOWS\system32\DllHost.exe[3444] user32.dll!CreateDialogIndirectParamAorW 756C17D0 5 Bytes JMP 7F380E2C .text C:\WINDOWS\system32\DllHost.exe[3444] user32.dll!DialogBoxIndirectParamAorW 756C39C0 5 Bytes JMP 7F380E4E .text C:\WINDOWS\system32\DllHost.exe[3444] user32.dll!FindWindowExW 756C4230 5 Bytes JMP 7F380F5E .text C:\WINDOWS\system32\DllHost.exe[3444] user32.dll!GetMessageW 756C84E0 5 Bytes JMP 7F380D1C .text C:\WINDOWS\system32\DllHost.exe[3444] user32.dll!GetMessageA 756C90A0 5 Bytes JMP 7F380CFA .text C:\WINDOWS\system32\DllHost.exe[3444] user32.dll!FindWindowW 756C9ED0 5 Bytes JMP 7F380F3C .text C:\WINDOWS\system32\DllHost.exe[3444] user32.dll!SetWindowsHookExW 756CA360 5 Bytes JMP 7F380CB6 .text C:\WINDOWS\system32\DllHost.exe[3444] user32.dll!SetWinEventHook 756CA5C0 5 Bytes JMP 7F380CD8 .text C:\WINDOWS\system32\DllHost.exe[3444] user32.dll!SendNotifyMessageW 756CAA20 5 Bytes JMP 7F38102A .text C:\WINDOWS\system32\DllHost.exe[3444] user32.dll!SetWindowTextA 756CBEC0 5 Bytes JMP 7F380EB4 .text C:\WINDOWS\system32\DllHost.exe[3444] user32.dll!FindWindowA 756CE230 5 Bytes JMP 7F380EF8 .text C:\WINDOWS\system32\DllHost.exe[3444] user32.dll!SendNotifyMessageA 756D5850 5 Bytes JMP 7F381008 .text C:\WINDOWS\system32\DllHost.exe[3444] user32.dll!SetWindowsHookExA 756D5EB0 5 Bytes JMP 7F380C94 .text C:\WINDOWS\system32\DllHost.exe[3444] user32.dll!ShowWindow 756D9420 5 Bytes JMP 7F380E0A .text C:\WINDOWS\system32\DllHost.exe[3444] user32.dll!UnhookWindowsHookEx 756D94E0 5 Bytes JMP 7F380DA4 .text C:\WINDOWS\system32\DllHost.exe[3444] user32.dll!MessageBoxExA 7571E7F0 5 Bytes JMP 7F380E70 .text C:\WINDOWS\system32\DllHost.exe[3444] user32.dll!MessageBoxExW 7571E820 5 Bytes JMP 7F380E92 .text C:\WINDOWS\system32\DllHost.exe[3444] GDI32.dll!Gdi32DllInitialize 74E762D0 5 Bytes JMP 7F380C0C .text C:\WINDOWS\system32\DllHost.exe[3444] GDI32.dll!ClearBrushAttributes 74E798E0 5 Bytes JMP 7F380C50 .text C:\WINDOWS\system32\DllHost.exe[3444] GDI32.dll!NamedEscape 74E7C2E0 5 Bytes JMP 7F380C72 .text C:\WINDOWS\system32\DllHost.exe[3444] GDI32.dll!SetBrushAttributes 74E7E5E0 5 Bytes JMP 7F380C2E .text C:\WINDOWS\system32\DllHost.exe[3444] advapi32.dll!LsaLookupPrivilegeValue + 70 74F4E990 5 Bytes JMP 7F38104C .text C:\WINDOWS\system32\DllHost.exe[3444] advapi32.dll!CryptAcquireContextW 74F4F550 5 Bytes JMP 7F3810D4 .text C:\WINDOWS\system32\DllHost.exe[3444] advapi32.dll!CryptGetHashParam 74F4F750 5 Bytes JMP 7F38117E .text C:\WINDOWS\system32\DllHost.exe[3444] advapi32.dll!CryptCreateHash 74F4F8C0 5 Bytes JMP 7F38113A .text C:\WINDOWS\system32\DllHost.exe[3444] advapi32.dll!CryptHashData 74F4F990 5 Bytes JMP 7F3811A0 .text C:\WINDOWS\system32\DllHost.exe[3444] advapi32.dll!CryptImportKey 74F4FC00 5 Bytes JMP 7F3811C2 .text C:\WINDOWS\system32\DllHost.exe[3444] advapi32.dll!CryptExportKey 74F4FDC0 5 Bytes JMP 7F38115C .text C:\WINDOWS\system32\DllHost.exe[3444] advapi32.dll!CryptAcquireContextA 74F50890 5 Bytes JMP 7F3810B2 .text C:\WINDOWS\system32\DllHost.exe[3444] advapi32.dll!CryptGenKey 74F53BF0 5 Bytes JMP 7F3810F6 .text C:\WINDOWS\system32\DllHost.exe[3444] advapi32.dll!CreateServiceA 74F62E40 5 Bytes JMP 7F38106E .text C:\WINDOWS\system32\DllHost.exe[3444] advapi32.dll!CreateServiceW 74F62E60 5 Bytes JMP 7F381090 .text C:\WINDOWS\system32\DllHost.exe[3444] advapi32.dll!CryptEncrypt 74F633C0 5 Bytes JMP 7F381118 .text C:\Windows\System32\SystemSettingsBroker.exe[3788] USER32.dll!CreateWindowExW + 3 756BB8D3 2 Bytes [88, 09] {MOV [ECX], CL} .text C:\Windows\System32\SystemSettingsBroker.exe[3788] USER32.dll!UnhookWindowsHookEx 756D94E0 1 Byte [E9] .text C:\Program Files\Mozilla Firefox\firefox.exe[4128] ntdll.dll!LdrLoadDll 770D5AC0 5 Bytes JMP 66E767C0 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!RtlQueryPerformanceCounter 770C4990 5 Bytes JMP 7EF100C2 .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!RtlEqualSid 770CED80 5 Bytes JMP 7EF109A8 .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!RtlCreateProcessParametersEx 770FED70 5 Bytes JMP 7EF1016C .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!RtlReportException 77103470 5 Bytes JMP 7EF10612 .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!RtlExitUserProcess 771036F0 5 Bytes JMP 7EF101D2 .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtWriteVirtualMemory 77131090 5 Bytes JMP 7EF103AE .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtUnmapViewOfSection 77131290 5 Bytes JMP 7EF1003A .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtTerminateProcess 77131460 5 Bytes JMP 7EF10634 .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtSystemDebugControl 771314A0 5 Bytes JMP 7EF10A0E .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtSuspendThread 771314C0 5 Bytes JMP 7EF10458 .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtSuspendProcess 771314E0 5 Bytes JMP 7EF1047A .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtSetValueKey 77131620 5 Bytes JMP 7EF101B0 .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtSetSystemInformation 77131720 5 Bytes JMP 7EF10744 .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtSetSecurityObject 77131780 5 Bytes JMP 7EF10832 .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtSetInformationProcess 771319A0 5 Bytes JMP 7EF10656 .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtSetContextThread 77131BC0 5 Bytes JMP 7EF103D0 .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtRaiseHardError 77132180 5 Bytes JMP 7EF105F0 .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtQueueApcThread 771321E0 5 Bytes JMP 7EF10414 .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtQueryInformationToken 77132630 5 Bytes JMP 7EF10986 .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtOpenSection 77132BB0 5 Bytes JMP 7EF109CA .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtOpenProcessToken 77132C30 5 Bytes JMP 7EF10964 .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtOpenProcess 77132C50 5 Bytes JMP 7EF103F2 .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtOpenEvent 77132DF0 5 Bytes JMP 7EF10898 .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtMapViewOfSection 77132F30 5 Bytes JMP 7EF10018 .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtLoadDriver 771330F0 5 Bytes JMP 7EF10722 .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtDuplicateObject 771336D0 5 Bytes JMP 7EF10436 .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtCreateThreadEx 77133A80 5 Bytes JMP 7EF10304 .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtCreateThread 77133AA0 5 Bytes JMP 7EF10326 .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtCreateSection 77133B00 5 Bytes JMP 7EF109EC .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtCreateProcessEx 77133B80 5 Bytes JMP 7EF1036A .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtCreateProcess 77133BA0 5 Bytes JMP 7EF10348 .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtCreateMutant 77133C40 5 Bytes JMP 7EF108BA .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtCreateFile 77133D80 5 Bytes JMP 7EF10128 .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtClose 77133FE0 5 Bytes JMP 7EF10700 .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!NtAdjustPrivilegesToken 77134540 5 Bytes JMP 7EF10810 .text C:\Windows\System32\RuntimeBroker.exe[4484] ntdll.dll!RtlCreateProcessParameters 7716DFB0 5 Bytes JMP 7EF1014A .text C:\Windows\System32\RuntimeBroker.exe[4484] KERNEL32.DLL!GetStartupInfoA 75607A80 5 Bytes JMP 7EF100E4 .text C:\Windows\System32\RuntimeBroker.exe[4484] KERNEL32.DLL!Process32NextW 756083B0 5 Bytes JMP 7EF106DE .text C:\Windows\System32\RuntimeBroker.exe[4484] KERNEL32.DLL!MoveFileWithProgressA 7560BF30 5 Bytes JMP 7EF107CC .text C:\Windows\System32\RuntimeBroker.exe[4484] KERNEL32.DLL!CreateToolhelp32Snapshot 7560E270 5 Bytes JMP 7EF1025A .text C:\Windows\System32\RuntimeBroker.exe[4484] KERNEL32.DLL!MoveFileExA 75642610 5 Bytes JMP 7EF10788 .text C:\Windows\System32\RuntimeBroker.exe[4484] KERNEL32.DLL!WinExec 756453B0 5 Bytes JMP 7EF1029E .text C:\Windows\System32\RuntimeBroker.exe[4484] msvcrt.dll!_wfindnexti64 + 110 75B956A0 5 Bytes JMP 7EF10A30 .text C:\Windows\System32\RuntimeBroker.exe[4484] msvcrt.dll!__p__environ 75B95920 5 Bytes JMP 7EF10A52 .text C:\Windows\System32\RuntimeBroker.exe[4484] msvcrt.dll!__p__fmode 75B95940 5 Bytes JMP 7EF10A74 .text C:\Windows\System32\RuntimeBroker.exe[4484] GDI32.dll!Gdi32DllInitialize 74E762D0 5 Bytes JMP 7EF10AB8 .text C:\Windows\System32\RuntimeBroker.exe[4484] GDI32.dll!ClearBrushAttributes 74E798E0 5 Bytes JMP 7EF11008 .text C:\Windows\System32\RuntimeBroker.exe[4484] GDI32.dll!NamedEscape 74E7C2E0 5 Bytes JMP 7EF1102A .text C:\Windows\System32\RuntimeBroker.exe[4484] GDI32.dll!SetBrushAttributes 74E7E5E0 5 Bytes JMP 7EF10FE6 .text C:\Windows\System32\RuntimeBroker.exe[4484] USER32.dll!PeekMessageA 756A9CE0 5 Bytes JMP 7EF10CD8 .text C:\Windows\System32\RuntimeBroker.exe[4484] USER32.dll!PeekMessageW 756A9E40 5 Bytes JMP 7EF10CFA .text C:\Windows\System32\RuntimeBroker.exe[4484] USER32.dll!GetWindowLongA 756B0440 5 Bytes JMP 7EF10F1A .text C:\Windows\System32\RuntimeBroker.exe[4484] USER32.dll!GetWindowLongW 756B05C0 5 Bytes JMP 7EF10F3C .text C:\Windows\System32\RuntimeBroker.exe[4484] USER32.dll!SetWindowTextW 756B3E80 5 Bytes JMP 7EF10E70 .text C:\Windows\System32\RuntimeBroker.exe[4484] USER32.dll!SetWindowLongW 756B3F90 5 Bytes JMP 7EF10F80 .text C:\Windows\System32\RuntimeBroker.exe[4484] USER32.dll!SetWindowLongA 756B4190 5 Bytes JMP 7EF10F5E .text C:\Windows\System32\RuntimeBroker.exe[4484] USER32.dll!UserClientDllInitialize 756B47D0 5 Bytes JMP 7EF10ADA .text C:\Windows\System32\RuntimeBroker.exe[4484] USER32.dll!CallNextHookEx 756B8630 5 Bytes JMP 7EF10D1C .text C:\Windows\System32\RuntimeBroker.exe[4484] USER32.dll!CreateWindowExA 756BA0A0 5 Bytes JMP 7EF10D82 .text C:\Windows\System32\RuntimeBroker.exe[4484] USER32.dll!FindWindowExA 756BA0F0 5 Bytes JMP 7EF10EB4 .text C:\Windows\System32\RuntimeBroker.exe[4484] USER32.dll!CreateWindowExW 756BB8D0 5 Bytes JMP 7EF10D60 .text C:\Windows\System32\RuntimeBroker.exe[4484] USER32.dll!CreateDialogIndirectParamAorW 756C17D0 5 Bytes JMP 7EF10DC6 .text C:\Windows\System32\RuntimeBroker.exe[4484] USER32.dll!DialogBoxIndirectParamAorW 756C39C0 5 Bytes JMP 7EF10DE8 .text C:\Windows\System32\RuntimeBroker.exe[4484] USER32.dll!FindWindowExW 756C4230 5 Bytes JMP 7EF10EF8 .text C:\Windows\System32\RuntimeBroker.exe[4484] USER32.dll!GetMessageW 756C84E0 5 Bytes JMP 7EF10CB6 .text C:\Windows\System32\RuntimeBroker.exe[4484] USER32.dll!GetMessageA 756C90A0 5 Bytes JMP 7EF10C94 .text C:\Windows\System32\RuntimeBroker.exe[4484] USER32.dll!FindWindowW 756C9ED0 5 Bytes JMP 7EF10ED6 .text C:\Windows\System32\RuntimeBroker.exe[4484] USER32.dll!SetWindowsHookExW 756CA360 5 Bytes JMP 7EF10C50 .text C:\Windows\System32\RuntimeBroker.exe[4484] USER32.dll!SetWinEventHook 756CA5C0 5 Bytes JMP 7EF10C72 .text C:\Windows\System32\RuntimeBroker.exe[4484] USER32.dll!SendNotifyMessageW 756CAA20 5 Bytes JMP 7EF10FC4 .text C:\Windows\System32\RuntimeBroker.exe[4484] USER32.dll!SetWindowTextA 756CBEC0 5 Bytes JMP 7EF10E4E .text C:\Windows\System32\RuntimeBroker.exe[4484] USER32.dll!FindWindowA 756CE230 5 Bytes JMP 7EF10E92 .text C:\Windows\System32\RuntimeBroker.exe[4484] USER32.dll!SendNotifyMessageA 756D5850 5 Bytes JMP 7EF10FA2 .text C:\Windows\System32\RuntimeBroker.exe[4484] USER32.dll!SetWindowsHookExA 756D5EB0 5 Bytes JMP 7EF10C2E .text C:\Windows\System32\RuntimeBroker.exe[4484] USER32.dll!ShowWindow 756D9420 5 Bytes JMP 7EF10DA4 .text C:\Windows\System32\RuntimeBroker.exe[4484] USER32.dll!UnhookWindowsHookEx 756D94E0 5 Bytes JMP 7EF10D3E .text C:\Windows\System32\RuntimeBroker.exe[4484] USER32.dll!MessageBoxExA 7571E7F0 5 Bytes JMP 7EF10E0A .text C:\Windows\System32\RuntimeBroker.exe[4484] USER32.dll!MessageBoxExW 7571E820 5 Bytes JMP 7EF10E2C .text C:\Windows\System32\RuntimeBroker.exe[4484] advapi32.dll!LsaLookupPrivilegeValue + 70 74F4E990 5 Bytes JMP 7EF1104C .text C:\Windows\System32\RuntimeBroker.exe[4484] advapi32.dll!CryptAcquireContextW 74F4F550 5 Bytes JMP 7EF110D4 .text C:\Windows\System32\RuntimeBroker.exe[4484] advapi32.dll!CryptGetHashParam 74F4F750 5 Bytes JMP 7EF1117E .text C:\Windows\System32\RuntimeBroker.exe[4484] advapi32.dll!CryptCreateHash 74F4F8C0 5 Bytes JMP 7EF1113A .text C:\Windows\System32\RuntimeBroker.exe[4484] advapi32.dll!CryptHashData 74F4F990 5 Bytes JMP 7EF111A0 .text C:\Windows\System32\RuntimeBroker.exe[4484] advapi32.dll!CryptImportKey 74F4FC00 5 Bytes JMP 7EF111C2 .text C:\Windows\System32\RuntimeBroker.exe[4484] advapi32.dll!CryptExportKey 74F4FDC0 5 Bytes JMP 7EF1115C .text C:\Windows\System32\RuntimeBroker.exe[4484] advapi32.dll!CryptAcquireContextA 74F50890 5 Bytes JMP 7EF110B2 .text C:\Windows\System32\RuntimeBroker.exe[4484] advapi32.dll!CryptGenKey 74F53BF0 5 Bytes JMP 7EF110F6 .text C:\Windows\System32\RuntimeBroker.exe[4484] advapi32.dll!CreateServiceA 74F62E40 5 Bytes JMP 7EF1106E .text C:\Windows\System32\RuntimeBroker.exe[4484] advapi32.dll!CreateServiceW 74F62E60 5 Bytes JMP 7EF11090 .text C:\Windows\System32\RuntimeBroker.exe[4484] advapi32.dll!CryptEncrypt 74F633C0 5 Bytes JMP 7EF11118 .text C:\Windows\System32\RuntimeBroker.exe[4484] SHELL32.dll!Shell_NotifyIconW 75E27300 5 Bytes JMP 7EF11206 .text C:\Windows\System32\RuntimeBroker.exe[4484] SHELL32.dll!SetCurrentProcessExplicitAppUserModelID + 1910 75E780B0 5 Bytes JMP 7EF111E4 .text C:\Windows\System32\RuntimeBroker.exe[4484] WS2_32.dll!connect 74C34CF0 5 Bytes JMP 7EF11404 .text C:\Windows\System32\RuntimeBroker.exe[4484] WS2_32.dll!send 74C34F50 5 Bytes JMP 7EF113C0 .text C:\Windows\System32\RuntimeBroker.exe[4484] WS2_32.dll!GetAddrInfoW 74C3AF10 5 Bytes JMP 7EF11426 .text C:\Windows\System32\RuntimeBroker.exe[4484] WS2_32.dll!recv 74C42000 5 Bytes JMP 7EF11514 .text C:\Windows\System32\RuntimeBroker.exe[4484] WS2_32.dll!closesocket 74C42980 5 Bytes JMP 7EF114AE .text C:\Windows\System32\RuntimeBroker.exe[4484] WS2_32.dll!WSASend 74C43360 5 Bytes JMP 7EF113E2 .text C:\Windows\System32\RuntimeBroker.exe[4484] WS2_32.dll!WSARecv 74C436A0 5 Bytes JMP 7EF11536 .text C:\Windows\System32\RuntimeBroker.exe[4484] WS2_32.dll!WSASocketW 74C43BC0 5 Bytes JMP 7EF1148C .text C:\Windows\System32\RuntimeBroker.exe[4484] WS2_32.dll!GetAddrInfoExW 74C44A90 5 Bytes JMP 7EF11448 .text C:\Windows\System32\RuntimeBroker.exe[4484] WS2_32.dll!GetAddrInfoExW + 6D50 74C4B7E0 5 Bytes JMP 7EF1139E .text C:\Windows\System32\RuntimeBroker.exe[4484] WS2_32.dll!socket 74C4C850 5 Bytes JMP 7EF114D0 .text C:\Windows\System32\RuntimeBroker.exe[4484] WS2_32.dll!gethostbyname 74C62A10 5 Bytes JMP 7EF1146A .text C:\Windows\System32\RuntimeBroker.exe[4484] WS2_32.dll!WSAConnect 74C69EC0 5 Bytes JMP 7EF114F2 .text C:\WINDOWS\Explorer.EXE[4504] ntdll.dll!RtlEqualSid 770CED80 5 Bytes JMP 7F2A058A .text C:\WINDOWS\Explorer.EXE[4504] ntdll.dll!RtlCreateProcessParametersEx 770FED70 5 Bytes JMP 7F2A029E .text C:\WINDOWS\Explorer.EXE[4504] ntdll.dll!NtWriteVirtualMemory 77131090 5 Bytes JMP 7F2A0128 .text C:\WINDOWS\Explorer.EXE[4504] ntdll.dll!NtUnmapViewOfSection 77131290 5 Bytes JMP 7F2A003A .text C:\WINDOWS\Explorer.EXE[4504] ntdll.dll!NtTerminateProcess 77131460 5 Bytes JMP 7F2A02C0 .text C:\WINDOWS\Explorer.EXE[4504] ntdll.dll!NtSystemDebugControl 771314A0 5 Bytes JMP 7F2A0612 .text C:\WINDOWS\Explorer.EXE[4504] ntdll.dll!NtSuspendThread 771314C0 5 Bytes JMP 7F2A01F4 .text C:\WINDOWS\Explorer.EXE[4504] ntdll.dll!NtSuspendProcess 771314E0 5 Bytes JMP 7F2A0216 .text C:\WINDOWS\Explorer.EXE[4504] ntdll.dll!NtSetValueKey 77131620 5 Bytes JMP 7F2A0634 .text C:\WINDOWS\Explorer.EXE[4504] ntdll.dll!NtSetSystemInformation 77131720 5 Bytes JMP 7F2A0326 .text C:\WINDOWS\Explorer.EXE[4504] ntdll.dll!NtSetSecurityObject 77131780 5 Bytes JMP 7F2A0414 .text C:\WINDOWS\Explorer.EXE[4504] ntdll.dll!NtSetInformationProcess 771319A0 5 Bytes JMP 7F2A02E2 .text C:\WINDOWS\Explorer.EXE[4504] ntdll.dll!NtSetContextThread 77131BC0 5 Bytes JMP 7F2A014A .text C:\WINDOWS\Explorer.EXE[4504] ntdll.dll!NtQueueApcThread 771321E0 5 Bytes JMP 7F2A018E .text C:\WINDOWS\Explorer.EXE[4504] ntdll.dll!NtQueryInformationToken 77132630 5 Bytes JMP 7F2A0568 .text C:\WINDOWS\Explorer.EXE[4504] ntdll.dll!NtOpenSection 77132BB0 5 Bytes JMP 7F2A05CE .text C:\WINDOWS\Explorer.EXE[4504] ntdll.dll!NtOpenProcessToken 77132C30 5 Bytes JMP 7F2A0546 .text C:\WINDOWS\Explorer.EXE[4504] ntdll.dll!NtOpenProcess 77132C50 5 Bytes JMP 7F2A016C .text C:\WINDOWS\Explorer.EXE[4504] ntdll.dll!NtOpenEvent 77132DF0 5 Bytes JMP 7F2A047A .text C:\WINDOWS\Explorer.EXE[4504] ntdll.dll!NtMapViewOfSection 77132F30 5 Bytes JMP 7F2A0018 .text C:\WINDOWS\Explorer.EXE[4504] ntdll.dll!NtLoadDriver 771330F0 5 Bytes JMP 7F2A0304 .text C:\WINDOWS\Explorer.EXE[4504] ntdll.dll!NtDuplicateObject 771336D0 5 Bytes JMP 7F2A01B0 .text C:\WINDOWS\Explorer.EXE[4504] ntdll.dll!NtCreateThreadEx 77133A80 5 Bytes JMP 7F2A007E .text C:\WINDOWS\Explorer.EXE[4504] ntdll.dll!NtCreateThread 77133AA0 5 Bytes JMP 7F2A00A0 .text C:\WINDOWS\Explorer.EXE[4504] ntdll.dll!NtCreateSection 77133B00 5 Bytes JMP 7F2A05F0 .text C:\WINDOWS\Explorer.EXE[4504] ntdll.dll!NtCreateProcessEx 77133B80 5 Bytes JMP 7F2A00E4 .text C:\WINDOWS\Explorer.EXE[4504] ntdll.dll!NtCreateProcess 77133BA0 5 Bytes JMP 7F2A00C2 .text C:\WINDOWS\Explorer.EXE[4504] ntdll.dll!NtCreateMutant 77133C40 5 Bytes JMP 7F2A049C .text C:\WINDOWS\Explorer.EXE[4504] ntdll.dll!NtAdjustPrivilegesToken 77134540 5 Bytes JMP 7F2A03F2 .text C:\WINDOWS\Explorer.EXE[4504] KERNEL32.DLL!GetStartupInfoA 75607A80 5 Bytes JMP 7F2A05AC .text C:\WINDOWS\Explorer.EXE[4504] KERNEL32.DLL!MoveFileWithProgressA 7560BF30 5 Bytes JMP 7F2A03AE .text C:\WINDOWS\Explorer.EXE[4504] KERNEL32.DLL!CreateToolhelp32Snapshot 7560E270 5 Bytes JMP 7F2A01D2 .text C:\WINDOWS\Explorer.EXE[4504] KERNEL32.DLL!MoveFileExA 75642610 5 Bytes JMP 7F2A036A .text C:\WINDOWS\Explorer.EXE[4504] USER32.dll!GetWindowLongA 756B0440 5 Bytes JMP 7F2A0832 .text C:\WINDOWS\Explorer.EXE[4504] USER32.dll!GetWindowLongW 756B05C0 5 Bytes JMP 7F2A0854 .text C:\WINDOWS\Explorer.EXE[4504] USER32.dll!SetWindowLongW 756B3F90 5 Bytes JMP 7F2A0898 .text C:\WINDOWS\Explorer.EXE[4504] USER32.dll!SetWindowLongA 756B4190 5 Bytes JMP 7F2A0876 .text C:\WINDOWS\Explorer.EXE[4504] USER32.dll!UserClientDllInitialize 756B47D0 5 Bytes JMP 7F2A0656 .text C:\WINDOWS\Explorer.EXE[4504] USER32.dll!FindWindowExA 756BA0F0 5 Bytes JMP 7F2A07CC .text C:\WINDOWS\Explorer.EXE[4504] USER32.dll!FindWindowExW 756C4230 5 Bytes JMP 7F2A0810 .text C:\WINDOWS\Explorer.EXE[4504] USER32.dll!FindWindowW 756C9ED0 5 Bytes JMP 7F2A07EE .text C:\WINDOWS\Explorer.EXE[4504] USER32.dll!SetWindowsHookExW 756CA360 5 Bytes JMP 7F2A0766 .text C:\WINDOWS\Explorer.EXE[4504] USER32.dll!SetWinEventHook 756CA5C0 5 Bytes JMP 7F2A0788 .text C:\WINDOWS\Explorer.EXE[4504] USER32.dll!SendNotifyMessageW 756CAA20 5 Bytes JMP 7F2A08DC .text C:\WINDOWS\Explorer.EXE[4504] USER32.dll!FindWindowA 756CE230 5 Bytes JMP 7F2A07AA .text C:\WINDOWS\Explorer.EXE[4504] USER32.dll!SendNotifyMessageA 756D5850 5 Bytes JMP 7F2A08BA .text C:\WINDOWS\Explorer.EXE[4504] USER32.dll!SetWindowsHookExA 756D5EB0 5 Bytes JMP 7F2A0744 .text C:\WINDOWS\Explorer.EXE[4504] GDI32.dll!Gdi32DllInitialize 74E762D0 5 Bytes JMP 7F2A0678 .text C:\WINDOWS\Explorer.EXE[4504] GDI32.dll!ClearBrushAttributes 74E798E0 5 Bytes JMP 7F2A0700 .text C:\WINDOWS\Explorer.EXE[4504] GDI32.dll!NamedEscape 74E7C2E0 5 Bytes JMP 7F2A0722 .text C:\WINDOWS\Explorer.EXE[4504] GDI32.dll!SetBrushAttributes 74E7E5E0 5 Bytes JMP 7F2A06DE .text C:\WINDOWS\Explorer.EXE[4504] advapi32.dll!LsaLookupPrivilegeValue + 70 74F4E990 5 Bytes JMP 7F2A069A .text C:\WINDOWS\Explorer.EXE[4504] advapi32.dll!CryptAcquireContextW 74F4F550 5 Bytes JMP 7F2A0A96 .text C:\WINDOWS\Explorer.EXE[4504] advapi32.dll!CryptGetHashParam 74F4F750 5 Bytes JMP 7F2A0B40 .text C:\WINDOWS\Explorer.EXE[4504] advapi32.dll!CryptCreateHash 74F4F8C0 5 Bytes JMP 7F2A0AFC .text C:\WINDOWS\Explorer.EXE[4504] advapi32.dll!CryptHashData 74F4F990 5 Bytes JMP 7F2A0B62 .text C:\WINDOWS\Explorer.EXE[4504] advapi32.dll!CryptImportKey 74F4FC00 5 Bytes JMP 7F2A0B84 .text C:\WINDOWS\Explorer.EXE[4504] advapi32.dll!CryptExportKey 74F4FDC0 5 Bytes JMP 7F2A0B1E .text C:\WINDOWS\Explorer.EXE[4504] advapi32.dll!CryptAcquireContextA 74F50890 5 Bytes JMP 7F2A0A74 .text C:\WINDOWS\Explorer.EXE[4504] advapi32.dll!CryptGenKey 74F53BF0 5 Bytes JMP 7F2A0AB8 .text C:\WINDOWS\Explorer.EXE[4504] advapi32.dll!CreateServiceA 74F62E40 5 Bytes JMP 7F2A0A30 .text C:\WINDOWS\Explorer.EXE[4504] advapi32.dll!CreateServiceW 74F62E60 5 Bytes JMP 7F2A0A52 .text C:\WINDOWS\Explorer.EXE[4504] advapi32.dll!CryptEncrypt 74F633C0 5 Bytes JMP 7F2A0ADA .text C:\WINDOWS\Explorer.EXE[4504] WS2_32.dll!connect 74C34CF0 5 Bytes JMP 7F2A0BC8 .text C:\WINDOWS\Explorer.EXE[4504] WS2_32.dll!GetAddrInfoExW + 6D50 74C4B7E0 5 Bytes JMP 7F2A0BA6 .text C:\Program Files\Mozilla Firefox\firefox.exe[4692] ntdll.dll!LdrLoadDll 770D5AC0 5 Bytes JMP 66E767C0 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4692] ntdll.dll!NtSetInformationThread + 5 77131965 4 Bytes [BA, 28, E2, F7] .text C:\Program Files\Mozilla Firefox\firefox.exe[4692] ntdll.dll!NtSetInformationThread + A 7713196A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Mozilla Firefox\firefox.exe[4692] ntdll.dll!NtSetInformationFile + 5 77131A25 4 Bytes [BA, 28, E1, F7] .text C:\Program Files\Mozilla Firefox\firefox.exe[4692] ntdll.dll!NtSetInformationFile + A 77131A2A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Mozilla Firefox\firefox.exe[4692] ntdll.dll!NtQueryFullAttributesFile + A 7713275A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Mozilla Firefox\firefox.exe[4692] ntdll.dll!NtQueryAttributesFile + 5 771328B5 4 Bytes [BA, A8, E0, F7] .text C:\Program Files\Mozilla Firefox\firefox.exe[4692] ntdll.dll!NtQueryAttributesFile + A 771328BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Mozilla Firefox\firefox.exe[4692] ntdll.dll!NtOpenThreadTokenEx + A 77132AFA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Mozilla Firefox\firefox.exe[4692] ntdll.dll!NtOpenThreadToken + 5 77132B15 4 Bytes [BA, 68, E2, F7] .text C:\Program Files\Mozilla Firefox\firefox.exe[4692] ntdll.dll!NtOpenThreadToken + A 77132B1A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Mozilla Firefox\firefox.exe[4692] ntdll.dll!NtOpenThread + 5 77132B35 4 Bytes [BA, 68, E1, F7] .text C:\Program Files\Mozilla Firefox\firefox.exe[4692] ntdll.dll!NtOpenThread + A 77132B3A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Mozilla Firefox\firefox.exe[4692] ntdll.dll!NtOpenProcessTokenEx + 5 77132C15 4 Bytes [BA, A8, E2, F7] .text C:\Program Files\Mozilla Firefox\firefox.exe[4692] ntdll.dll!NtOpenProcessTokenEx + A 77132C1A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Mozilla Firefox\firefox.exe[4692] ntdll.dll!NtOpenProcessToken + A 77132C3A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Mozilla Firefox\firefox.exe[4692] ntdll.dll!NtOpenProcess + A 77132C5A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Mozilla Firefox\firefox.exe[4692] ntdll.dll!NtOpenFile + A 77132DBA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Mozilla Firefox\firefox.exe[4692] ntdll.dll!NtCreateFile + A 77133D8A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Mozilla Firefox\firefox.exe[4692] KERNEL32.DLL!GetCurrentProcess + B 75604A2B 7 Bytes JMP 1032462D C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4692] KERNEL32.DLL!CreateFileMappingW + 1B 75607D4B 7 Bytes JMP 103235BF C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4692] GDI32.dll!MoveToEx + 3B 74E75A5B 7 Bytes JMP 10322F7B C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!RtlQueryPerformanceCounter 770C4990 5 Bytes JMP 7F0100C2 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!RtlEqualSid 770CED80 5 Bytes JMP 7F0109A8 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!RtlCreateProcessParametersEx 770FED70 5 Bytes JMP 7F01016C .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!RtlReportException 77103470 5 Bytes JMP 7F010612 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!RtlExitUserProcess 771036F0 5 Bytes JMP 7F0101D2 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtWriteVirtualMemory 77131090 5 Bytes JMP 7F0103AE .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtUnmapViewOfSection 77131290 5 Bytes JMP 7F01003A .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtTerminateProcess 77131460 5 Bytes JMP 7F010634 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtSystemDebugControl 771314A0 5 Bytes JMP 7F010A0E .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtSuspendThread 771314C0 5 Bytes JMP 7F010458 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtSuspendProcess 771314E0 5 Bytes JMP 7F01047A .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtSetValueKey 77131620 5 Bytes JMP 7F0101B0 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtSetSystemInformation 77131720 5 Bytes JMP 7F010744 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtSetSecurityObject 77131780 5 Bytes JMP 7F010832 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtSetInformationProcess 771319A0 5 Bytes JMP 7F010656 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtSetContextThread 77131BC0 5 Bytes JMP 7F0103D0 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtRaiseHardError 77132180 5 Bytes JMP 7F0105F0 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtQueueApcThread 771321E0 5 Bytes JMP 7F010414 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtQueryInformationToken 77132630 5 Bytes JMP 7F010986 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtOpenSection 77132BB0 5 Bytes JMP 7F0109CA .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtOpenProcessToken 77132C30 5 Bytes JMP 7F010964 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtOpenProcess 77132C50 5 Bytes JMP 7F0103F2 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtOpenEvent 77132DF0 5 Bytes JMP 7F010898 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtMapViewOfSection 77132F30 5 Bytes JMP 7F010018 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtLoadDriver 771330F0 5 Bytes JMP 7F010722 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtDuplicateObject 771336D0 5 Bytes JMP 7F010436 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtCreateThreadEx 77133A80 5 Bytes JMP 7F010304 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtCreateThread 77133AA0 5 Bytes JMP 7F010326 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtCreateSection 77133B00 5 Bytes JMP 7F0109EC .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtCreateProcessEx 77133B80 5 Bytes JMP 7F01036A .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtCreateProcess 77133BA0 5 Bytes JMP 7F010348 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtCreateMutant 77133C40 5 Bytes JMP 7F0108BA .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtCreateFile 77133D80 5 Bytes JMP 7F010128 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtClose 77133FE0 5 Bytes JMP 7F010700 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!NtAdjustPrivilegesToken 77134540 5 Bytes JMP 7F010810 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ntdll.dll!RtlCreateProcessParameters 7716DFB0 5 Bytes JMP 7F01014A .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] KERNEL32.DLL!GetStartupInfoA 75607A80 5 Bytes JMP 7F0100E4 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] KERNEL32.DLL!Process32NextW 756083B0 5 Bytes JMP 7F0106DE .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] KERNEL32.DLL!MoveFileWithProgressA 7560BF30 5 Bytes JMP 7F0107CC .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] KERNEL32.DLL!CreateToolhelp32Snapshot 7560E270 5 Bytes JMP 7F01025A .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] KERNEL32.DLL!MoveFileExA 75642610 5 Bytes JMP 7F010788 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] KERNEL32.DLL!WinExec 756453B0 5 Bytes JMP 7F01029E .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] WS2_32.dll!connect 74C34CF0 5 Bytes JMP 7F010CB6 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] WS2_32.dll!send 74C34F50 5 Bytes JMP 7F010C72 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] WS2_32.dll!GetAddrInfoW 74C3AF10 5 Bytes JMP 7F010CD8 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] WS2_32.dll!recv 74C42000 5 Bytes JMP 7F010DC6 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] WS2_32.dll!closesocket 74C42980 5 Bytes JMP 7F010D60 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] WS2_32.dll!WSASend 74C43360 5 Bytes JMP 7F010C94 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] WS2_32.dll!WSARecv 74C436A0 5 Bytes JMP 7F010DE8 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] WS2_32.dll!WSASocketW 74C43BC0 5 Bytes JMP 7F010D3E .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] WS2_32.dll!GetAddrInfoExW 74C44A90 5 Bytes JMP 7F010CFA .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] WS2_32.dll!GetAddrInfoExW + 6D50 74C4B7E0 5 Bytes JMP 7F010A30 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] WS2_32.dll!socket 74C4C850 5 Bytes JMP 7F010D82 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] WS2_32.dll!gethostbyname 74C62A10 5 Bytes JMP 7F010D1C .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] WS2_32.dll!WSAConnect 74C69EC0 5 Bytes JMP 7F010DA4 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] USER32.dll!PeekMessageA 756A9CE0 5 Bytes JMP 7F010F1A .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] USER32.dll!PeekMessageW 756A9E40 5 Bytes JMP 7F010F3C .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] USER32.dll!GetWindowLongA 756B0440 5 Bytes JMP 7F01115C .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] USER32.dll!GetWindowLongW 756B05C0 5 Bytes JMP 7F01117E .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] USER32.dll!SetWindowTextW 756B3E80 5 Bytes JMP 7F0110B2 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] USER32.dll!SetWindowLongW 756B3F90 5 Bytes JMP 7F0111C2 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] USER32.dll!SetWindowLongA 756B4190 5 Bytes JMP 7F0111A0 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] USER32.dll!UserClientDllInitialize 756B47D0 5 Bytes JMP 7F010A74 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] USER32.dll!CallNextHookEx 756B8630 5 Bytes JMP 7F010F5E .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] USER32.dll!CreateWindowExA 756BA0A0 5 Bytes JMP 7F010FC4 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] USER32.dll!FindWindowExA 756BA0F0 5 Bytes JMP 7F0110F6 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] USER32.dll!CreateWindowExW 756BB8D0 5 Bytes JMP 7F010FA2 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] USER32.dll!CreateDialogIndirectParamAorW 756C17D0 5 Bytes JMP 7F011008 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] USER32.dll!DialogBoxIndirectParamAorW 756C39C0 5 Bytes JMP 7F01102A .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] USER32.dll!FindWindowExW 756C4230 5 Bytes JMP 7F01113A .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] USER32.dll!GetMessageW 756C84E0 5 Bytes JMP 7F010EF8 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] USER32.dll!GetMessageA 756C90A0 5 Bytes JMP 7F010ED6 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] USER32.dll!FindWindowW 756C9ED0 5 Bytes JMP 7F011118 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] USER32.dll!SetWindowsHookExW 756CA360 5 Bytes JMP 7F010E92 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] USER32.dll!SetWinEventHook 756CA5C0 5 Bytes JMP 7F010EB4 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] USER32.dll!SendNotifyMessageW 756CAA20 5 Bytes JMP 7F011206 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] USER32.dll!SetWindowTextA 756CBEC0 5 Bytes JMP 7F011090 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] USER32.dll!FindWindowA 756CE230 5 Bytes JMP 7F0110D4 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] USER32.dll!SendNotifyMessageA 756D5850 5 Bytes JMP 7F0111E4 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] USER32.dll!SetWindowsHookExA 756D5EB0 5 Bytes JMP 7F010E70 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] USER32.dll!ShowWindow 756D9420 5 Bytes JMP 7F010FE6 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] USER32.dll!UnhookWindowsHookEx 756D94E0 5 Bytes JMP 7F010F80 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] USER32.dll!MessageBoxExA 7571E7F0 5 Bytes JMP 7F01104C .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] USER32.dll!MessageBoxExW 7571E820 5 Bytes JMP 7F01106E .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] GDI32.dll!Gdi32DllInitialize 74E762D0 5 Bytes JMP 7F010A96 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] GDI32.dll!ClearBrushAttributes 74E798E0 5 Bytes JMP 7F010E2C .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] GDI32.dll!NamedEscape 74E7C2E0 5 Bytes JMP 7F010E4E .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] GDI32.dll!SetBrushAttributes 74E7E5E0 1 Byte [E9] .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] GDI32.dll!SetBrushAttributes 74E7E5E0 5 Bytes JMP 7F010E0A .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ADVAPI32.dll!LsaLookupPrivilegeValue + 70 74F4E990 5 Bytes JMP 7F010AB8 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ADVAPI32.dll!CryptAcquireContextW 74F4F550 5 Bytes JMP 7F0112D2 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ADVAPI32.dll!CryptGetHashParam 74F4F750 5 Bytes JMP 7F01137C .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ADVAPI32.dll!CryptCreateHash 74F4F8C0 5 Bytes JMP 7F011338 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ADVAPI32.dll!CryptHashData 74F4F990 5 Bytes JMP 7F01139E .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ADVAPI32.dll!CryptImportKey 74F4FC00 5 Bytes JMP 7F0113C0 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ADVAPI32.dll!CryptExportKey 74F4FDC0 5 Bytes JMP 7F01135A .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ADVAPI32.dll!CryptAcquireContextA 74F50890 5 Bytes JMP 7F0112B0 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ADVAPI32.dll!CryptGenKey 74F53BF0 1 Byte [E9] .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ADVAPI32.dll!CryptGenKey 74F53BF0 5 Bytes JMP 7F0112F4 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ADVAPI32.dll!CreateServiceA 74F62E40 5 Bytes JMP 7F01126C .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ADVAPI32.dll!CreateServiceW 74F62E60 5 Bytes JMP 7F01128E .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] ADVAPI32.dll!CryptEncrypt 74F633C0 5 Bytes JMP 7F011316 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] msvcrt.dll!_wfindnexti64 + 110 75B956A0 5 Bytes JMP 7F010ADA .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] msvcrt.dll!__p__environ 75B95920 5 Bytes JMP 7F011228 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] msvcrt.dll!__p__fmode 75B95940 5 Bytes JMP 7F01124A .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] SHELL32.dll!Shell_NotifyIconW 75E27300 5 Bytes JMP 7F0113E2 .text C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[4944] SHELL32.dll!SetCurrentProcessExplicitAppUserModelID + 1910 75E780B0 5 Bytes JMP 7F010AFC .text C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe[5080] KERNEL32.DLL!UnhandledExceptionFilter 75622D40 5 Bytes JMP 01DE05A8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!RtlQueryPerformanceCounter 770C4990 5 Bytes JMP 7FE200C2 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!RtlEqualSid 770CED80 5 Bytes JMP 7FE209A8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!RtlCreateProcessParametersEx 770FED70 5 Bytes JMP 7FE2016C .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!RtlReportException 77103470 5 Bytes JMP 7FE20612 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!RtlExitUserProcess 771036F0 5 Bytes JMP 7FE201D2 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtWriteVirtualMemory 77131090 5 Bytes JMP 7FE203AE .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtUnmapViewOfSection 77131290 5 Bytes JMP 7FE2003A .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtTerminateProcess 77131460 5 Bytes JMP 7FE20634 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtSystemDebugControl 771314A0 5 Bytes JMP 7FE20A0E .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtSuspendThread 771314C0 5 Bytes JMP 7FE20458 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtSuspendProcess 771314E0 5 Bytes JMP 7FE2047A .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtSetValueKey 77131620 5 Bytes JMP 7FE201B0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtSetSystemInformation 77131720 5 Bytes JMP 7FE20744 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtSetSecurityObject 77131780 5 Bytes JMP 7FE20832 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtSetInformationProcess 771319A0 5 Bytes JMP 7FE20656 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtSetContextThread 77131BC0 5 Bytes JMP 7FE203D0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtRaiseHardError 77132180 5 Bytes JMP 7FE205F0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtQueueApcThread 771321E0 5 Bytes JMP 7FE20414 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtQueryInformationToken 77132630 5 Bytes JMP 7FE20986 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtOpenSection 77132BB0 5 Bytes JMP 7FE209CA .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtOpenProcessToken 77132C30 5 Bytes JMP 7FE20964 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtOpenProcess 77132C50 5 Bytes JMP 7FE203F2 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtOpenEvent 77132DF0 5 Bytes JMP 7FE20898 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtMapViewOfSection 77132F30 5 Bytes JMP 7FE20018 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtLoadDriver 771330F0 5 Bytes JMP 7FE20722 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtDuplicateObject 771336D0 5 Bytes JMP 7FE20436 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtCreateThreadEx 77133A80 5 Bytes JMP 7FE20304 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtCreateThread 77133AA0 5 Bytes JMP 7FE20326 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtCreateSection 77133B00 5 Bytes JMP 7FE209EC .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtCreateProcessEx 77133B80 5 Bytes JMP 7FE2036A .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtCreateProcess 77133BA0 5 Bytes JMP 7FE20348 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtCreateMutant 77133C40 5 Bytes JMP 7FE208BA .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtCreateFile 77133D80 5 Bytes JMP 7FE20128 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtClose 77133FE0 5 Bytes JMP 7FE20700 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!NtAdjustPrivilegesToken 77134540 5 Bytes JMP 7FE20810 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ntdll.dll!RtlCreateProcessParameters 7716DFB0 5 Bytes JMP 7FE2014A .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] KERNEL32.DLL!GetStartupInfoA 75607A80 5 Bytes JMP 7FE200E4 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] KERNEL32.DLL!Process32NextW 756083B0 5 Bytes JMP 7FE206DE .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] KERNEL32.DLL!MoveFileWithProgressA 7560BF30 5 Bytes JMP 7FE207CC .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] KERNEL32.DLL!CreateToolhelp32Snapshot 7560E270 5 Bytes JMP 7FE2025A .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] KERNEL32.DLL!MoveFileExA 75642610 5 Bytes JMP 7FE20788 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] KERNEL32.DLL!WinExec 756453B0 5 Bytes JMP 7FE2029E .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] USER32.dll!PeekMessageA 756A9CE0 5 Bytes JMP 7FE20C0C .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] USER32.dll!PeekMessageW 756A9E40 5 Bytes JMP 7FE20C2E .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] USER32.dll!GetWindowLongA 756B0440 5 Bytes JMP 7FE20E4E .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] USER32.dll!GetWindowLongW 756B05C0 5 Bytes JMP 7FE20E70 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] USER32.dll!SetWindowTextW 756B3E80 5 Bytes JMP 7FE20DA4 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] USER32.dll!SetWindowLongW 756B3F90 5 Bytes JMP 7FE20EB4 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] USER32.dll!SetWindowLongA 756B4190 5 Bytes JMP 7FE20E92 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] USER32.dll!UserClientDllInitialize 756B47D0 5 Bytes JMP 7FE20A30 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] USER32.dll!CallNextHookEx 756B8630 5 Bytes JMP 7FE20C50 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] USER32.dll!CreateWindowExA 756BA0A0 5 Bytes JMP 7FE20CB6 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] USER32.dll!FindWindowExA 756BA0F0 5 Bytes JMP 7FE20DE8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] USER32.dll!CreateWindowExW 756BB8D0 5 Bytes JMP 7FE20C94 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] USER32.dll!CreateDialogIndirectParamAorW 756C17D0 5 Bytes JMP 7FE20CFA .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] USER32.dll!DialogBoxIndirectParamAorW 756C39C0 5 Bytes JMP 7FE20D1C .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] USER32.dll!FindWindowExW 756C4230 5 Bytes JMP 7FE20E2C .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] USER32.dll!GetMessageW 756C84E0 5 Bytes JMP 7FE20BEA .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] USER32.dll!GetMessageA 756C90A0 5 Bytes JMP 7FE20BC8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] USER32.dll!FindWindowW 756C9ED0 5 Bytes JMP 7FE20E0A .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] USER32.dll!SetWindowsHookExW 756CA360 5 Bytes JMP 7FE20B84 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] USER32.dll!SetWinEventHook 756CA5C0 5 Bytes JMP 7FE20BA6 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] USER32.dll!SendNotifyMessageW 756CAA20 5 Bytes JMP 7FE20EF8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] USER32.dll!SetWindowTextA 756CBEC0 5 Bytes JMP 7FE20D82 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] USER32.dll!FindWindowA 756CE230 5 Bytes JMP 7FE20DC6 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] USER32.dll!SendNotifyMessageA 756D5850 5 Bytes JMP 7FE20ED6 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] USER32.dll!SetWindowsHookExA 756D5EB0 5 Bytes JMP 7FE20B62 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] USER32.dll!ShowWindow 756D9420 5 Bytes JMP 7FE20CD8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] USER32.dll!UnhookWindowsHookEx 756D94E0 5 Bytes JMP 7FE20C72 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] USER32.dll!MessageBoxExA 7571E7F0 5 Bytes JMP 7FE20D3E .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] USER32.dll!MessageBoxExW 7571E820 5 Bytes JMP 7FE20D60 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] GDI32.dll!Gdi32DllInitialize 74E762D0 5 Bytes JMP 7FE20A52 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] GDI32.dll!ClearBrushAttributes 74E798E0 5 Bytes JMP 7FE20B1E .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] GDI32.dll!NamedEscape 74E7C2E0 5 Bytes JMP 7FE20B40 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] GDI32.dll!SetBrushAttributes 74E7E5E0 5 Bytes JMP 7FE20AFC .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ADVAPI32.dll!LsaLookupPrivilegeValue + 70 74F4E990 5 Bytes JMP 7FE20A74 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ADVAPI32.dll!CryptAcquireContextW 74F4F550 5 Bytes JMP 7FE210F6 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ADVAPI32.dll!CryptGetHashParam 74F4F750 5 Bytes JMP 7FE211A0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ADVAPI32.dll!CryptCreateHash 74F4F8C0 5 Bytes JMP 7FE2115C .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ADVAPI32.dll!CryptHashData 74F4F990 5 Bytes JMP 7FE211C2 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ADVAPI32.dll!CryptImportKey 74F4FC00 5 Bytes JMP 7FE211E4 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ADVAPI32.dll!CryptExportKey 74F4FDC0 5 Bytes JMP 7FE2117E .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ADVAPI32.dll!CryptAcquireContextA 74F50890 5 Bytes JMP 7FE210D4 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ADVAPI32.dll!CryptGenKey 74F53BF0 5 Bytes JMP 7FE21118 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ADVAPI32.dll!CreateServiceA 74F62E40 5 Bytes JMP 7FE21090 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ADVAPI32.dll!CreateServiceW 74F62E60 5 Bytes JMP 7FE210B2 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] ADVAPI32.dll!CryptEncrypt 74F633C0 5 Bytes JMP 7FE2113A .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] msvcrt.dll!_wfindnexti64 + 110 75B956A0 5 Bytes JMP 7FE20A96 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] msvcrt.dll!__p__environ 75B95920 5 Bytes JMP 7FE20F1A .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] msvcrt.dll!__p__fmode 75B95940 5 Bytes JMP 7FE20F3C .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] SHELL32.dll!Shell_NotifyIconW 75E27300 5 Bytes JMP 7FE21206 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] SHELL32.dll!SetCurrentProcessExplicitAppUserModelID + 1910 75E780B0 5 Bytes JMP 7FE20ADA .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] WS2_32.dll!connect 74C34CF0 5 Bytes JMP 7FE2128E .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] WS2_32.dll!send 74C34F50 5 Bytes JMP 7FE2124A .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] WS2_32.dll!GetAddrInfoW 74C3AF10 5 Bytes JMP 7FE212B0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] WS2_32.dll!recv 74C42000 5 Bytes JMP 7FE2139E .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] WS2_32.dll!closesocket 74C42980 5 Bytes JMP 7FE21338 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] WS2_32.dll!WSASend 74C43360 5 Bytes JMP 7FE2126C .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] WS2_32.dll!WSARecv 74C436A0 5 Bytes JMP 7FE213C0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] WS2_32.dll!WSASocketW 74C43BC0 5 Bytes JMP 7FE21316 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] WS2_32.dll!GetAddrInfoExW 74C44A90 5 Bytes JMP 7FE212D2 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] WS2_32.dll!GetAddrInfoExW + 6D50 74C4B7E0 5 Bytes JMP 7FE21228 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] WS2_32.dll!socket 74C4C850 5 Bytes JMP 7FE2135A .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] WS2_32.dll!gethostbyname 74C62A10 5 Bytes JMP 7FE212F4 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5636] WS2_32.dll!WSAConnect 74C69EC0 5 Bytes JMP 7FE2137C .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!RtlEqualSid 770CED80 5 Bytes JMP 7F680524 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!LdrLoadDll 770D5AC0 5 Bytes JMP 66E767C0 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!RtlCreateProcessParametersEx 770FED70 5 Bytes JMP 7F68029E .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!NtWriteVirtualMemory 77131090 5 Bytes JMP 7F680128 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!NtUnmapViewOfSection 77131290 5 Bytes JMP 7F68003A .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!NtTerminateProcess 77131460 5 Bytes JMP 7F6802C0 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!NtSystemDebugControl 771314A0 5 Bytes JMP 7F680810 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!NtSuspendThread 771314C0 5 Bytes JMP 7F6801F4 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!NtSuspendProcess 771314E0 5 Bytes JMP 7F680216 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!NtSetValueKey 77131620 5 Bytes JMP 7F680832 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!NtSetSystemInformation 77131720 5 Bytes JMP 7F680326 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!NtSetInformationProcess 771319A0 5 Bytes JMP 7F6802E2 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!NtSetContextThread 77131BC0 5 Bytes JMP 7F68014A .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!NtQueueApcThread 771321E0 5 Bytes JMP 7F68018E .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!NtQueryInformationToken 77132630 5 Bytes JMP 7F680502 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!NtProtectVirtualMemory 771328F0 5 Bytes JMP 7F680612 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!NtOpenSection 77132BB0 5 Bytes JMP 7F6807CC .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!NtOpenProcessToken 77132C30 5 Bytes JMP 7F6804E0 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!NtOpenProcess 77132C50 5 Bytes JMP 7F68016C .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!NtOpenFile 77132DB0 5 Bytes JMP 7F680568 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!NtMapViewOfSection 77132F30 5 Bytes JMP 7F680018 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!NtLoadDriver 771330F0 5 Bytes JMP 7F680304 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!NtDuplicateObject 771336D0 5 Bytes JMP 7F6801B0 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!NtCreateThreadEx 77133A80 5 Bytes JMP 7F68007E .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!NtCreateThread 77133AA0 5 Bytes JMP 7F6800A0 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!NtCreateSection 77133B00 5 Bytes JMP 7F6807EE .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!NtCreateProcessEx 77133B80 5 Bytes JMP 7F6800E4 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!NtCreateProcess 77133BA0 5 Bytes JMP 7F6800C2 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!NtCreateMutant 77133C40 5 Bytes JMP 7F6807AA .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!NtCreateFile 77133D80 5 Bytes JMP 7F68058A .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ntdll.dll!NtAdjustPrivilegesToken 77134540 5 Bytes JMP 7F6803F2 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] KERNEL32.DLL!GetCurrentProcess + B 75604A2B 7 Bytes JMP 1032462D C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] KERNEL32.DLL!CreateThread 756073B0 5 Bytes JMP 7F680678 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] KERNEL32.DLL!GetStartupInfoA 75607A80 5 Bytes JMP 7F680546 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] KERNEL32.DLL!CreateFileMappingW + 1B 75607D4B 7 Bytes JMP 103235BF C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] KERNEL32.DLL!FlsAlloc + 1B 756095EB 7 Bytes JMP 1002C271 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] KERNEL32.DLL!MoveFileWithProgressA 7560BF30 5 Bytes JMP 7F6803AE .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] KERNEL32.DLL!CreateToolhelp32Snapshot 7560E270 5 Bytes JMP 7F6801D2 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] KERNEL32.DLL!MoveFileExA 75642610 5 Bytes JMP 7F68036A .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] KERNEL32.DLL!WinExec 756453B0 5 Bytes JMP 7F6806BC .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ADVAPI32.dll!LsaLookupPrivilegeValue + 70 74F4E990 5 Bytes JMP 7F680854 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ADVAPI32.dll!CryptAcquireContextW 74F4F550 5 Bytes JMP 7F680A30 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ADVAPI32.dll!CryptGetHashParam 74F4F750 5 Bytes JMP 7F680ADA .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ADVAPI32.dll!CryptCreateHash 74F4F8C0 5 Bytes JMP 7F680A96 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ADVAPI32.dll!CryptHashData 74F4F990 5 Bytes JMP 7F680AFC .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ADVAPI32.dll!CryptImportKey 74F4FC00 5 Bytes JMP 7F680B1E .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ADVAPI32.dll!CryptExportKey 74F4FDC0 5 Bytes JMP 7F680AB8 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ADVAPI32.dll!CryptAcquireContextA 74F50890 5 Bytes JMP 7F680A0E .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ADVAPI32.dll!CryptGenKey 74F53BF0 5 Bytes JMP 7F680A52 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ADVAPI32.dll!CreateServiceA 74F62E40 5 Bytes JMP 7F6809CA .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ADVAPI32.dll!CreateServiceW 74F62E60 5 Bytes JMP 7F6809EC .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] ADVAPI32.dll!CryptEncrypt 74F633C0 5 Bytes JMP 7F680A74 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] WS2_32.dll!send 74C34F50 5 Bytes JMP 7F680B62 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] WS2_32.dll!WSASend 74C43360 5 Bytes JMP 7F680B84 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] WS2_32.dll!GetAddrInfoExW + 6D50 74C4B7E0 5 Bytes JMP 7F680B40 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] USER32.dll!GetWindowLongA 756B0440 5 Bytes JMP 7F680D3E .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] USER32.dll!GetWindowLongW 756B05C0 5 Bytes JMP 7F680D60 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] USER32.dll!CallMsgFilterW + 95B 756B18FB 7 Bytes JMP 10E61D5C C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] USER32.dll!SetWindowLongW 756B3F90 5 Bytes JMP 7F680DA4 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] USER32.dll!SetWindowLongA 756B4190 5 Bytes JMP 7F680D82 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] USER32.dll!UserClientDllInitialize 756B47D0 5 Bytes JMP 7F680BA6 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] USER32.dll!FindWindowExA 756BA0F0 5 Bytes JMP 7F680CD8 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] USER32.dll!FindWindowExW 756C4230 5 Bytes JMP 7F680D1C .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] USER32.dll!IsWindowInDestroy + DB 756C819B 7 Bytes JMP 10E644B3 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] USER32.dll!FindWindowW 756C9ED0 5 Bytes JMP 7F680CFA .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] USER32.dll!SetWindowsHookExW 756CA360 5 Bytes JMP 7F680C72 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] USER32.dll!SetWinEventHook 756CA5C0 5 Bytes JMP 7F680C94 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] USER32.dll!SendNotifyMessageW 756CAA20 5 Bytes JMP 7F680DE8 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] USER32.dll!FindWindowA 756CE230 5 Bytes JMP 7F680CB6 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] USER32.dll!SendNotifyMessageA 756D5850 5 Bytes JMP 7F680DC6 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] USER32.dll!SetWindowsHookExA 756D5EB0 5 Bytes JMP 7F680C50 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] GDI32.dll!MoveToEx + 3B 74E75A5B 7 Bytes JMP 10322F7B C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] GDI32.dll!Gdi32DllInitialize 74E762D0 5 Bytes JMP 7F680BC8 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] GDI32.dll!ClearBrushAttributes 74E798E0 5 Bytes JMP 7F680C0C .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] GDI32.dll!NamedEscape 74E7C2E0 5 Bytes JMP 7F680C2E .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] GDI32.dll!SetBrushAttributes 74E7E5E0 5 Bytes JMP 7F680BEA .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] WININET.dll!InternetReadFile 6302CA50 5 Bytes JMP 7F680E70 .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] WININET.dll!InternetConfirmZoneCrossingW + 1360 63092970 5 Bytes JMP 7F680E0A .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] WININET.dll!FtpGetFileA 630F4110 5 Bytes JMP 7F680E4E .text C:\Program Files\Mozilla Firefox\firefox.exe[6944] WININET.dll!FtpGetFileW 630F76B0 5 Bytes JMP 7F680E2C .text C:\Program Files\Bitdefender\Bitdefender 2017\bdwtxag.exe[7968] KERNEL32.DLL!UnhandledExceptionFilter 75622D40 5 Bytes JMP 020805A8 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!RtlQueryPerformanceCounter 770C4990 5 Bytes JMP 7FC100C2 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!RtlEqualSid 770CED80 5 Bytes JMP 7FC10942 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!RtlCreateProcessParametersEx 770FED70 5 Bytes JMP 7FC1016C .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!RtlReportException 77103470 5 Bytes JMP 7FC10612 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!RtlExitUserProcess 771036F0 5 Bytes JMP 7FC101D2 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtWriteVirtualMemory 77131090 5 Bytes JMP 7FC103AE .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtUnmapViewOfSection 77131290 9 Bytes JMP 7FC1003A .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtUnmapViewOfSection + A 7713129A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtTerminateProcess 77131460 5 Bytes JMP 7FC10634 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtSystemDebugControl 771314A0 5 Bytes JMP 7FC109A8 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtSuspendThread 771314C0 5 Bytes JMP 7FC10458 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtSuspendProcess 771314E0 5 Bytes JMP 7FC1047A .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtSetValueKey 77131620 5 Bytes JMP 7FC101B0 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtSetSystemInformation 77131720 5 Bytes JMP 7FC106DE .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtSetSecurityObject 77131780 5 Bytes JMP 7FC107CC .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtSetInformationThread + 5 77131965 4 Bytes [BA, 28, 02, 65] .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtSetInformationThread + A 7713196A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtSetInformationProcess 771319A0 5 Bytes JMP 7FC10656 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtSetInformationFile + 5 77131A25 4 Bytes [BA, 28, 01, 65] .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtSetInformationFile + A 77131A2A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtSetContextThread 77131BC0 5 Bytes JMP 7FC103D0 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtRaiseHardError 77132180 5 Bytes JMP 7FC105F0 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtQueueApcThread 771321E0 5 Bytes JMP 7FC10414 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtQueryInformationToken 77132630 5 Bytes JMP 7FC10920 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtQueryFullAttributesFile + 5 77132755 2 Bytes [BA, E8] .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtQueryFullAttributesFile + 8 77132758 1 Byte [65] .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtQueryAttributesFile + 5 771328B5 2 Bytes [BA, A8] .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtQueryAttributesFile + 8 771328B8 1 Byte [65] .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtQueryAttributesFile + 8 771328B8 4 Bytes [65, 00, FF, E2] .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtOpenThreadTokenEx + A 77132AFA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtOpenThreadToken + 5 77132B15 4 Bytes [BA, 68, 02, 65] .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtOpenThreadToken + A 77132B1A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtOpenThread + 5 77132B35 4 Bytes [BA, 68, 01, 65] .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtOpenThread + A 77132B3A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtOpenSection 77132BB0 5 Bytes JMP 7FC10964 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtOpenProcessTokenEx + 5 77132C15 4 Bytes [BA, A8, 02, 65] .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtOpenProcessTokenEx + A 77132C1A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtOpenProcessToken 77132C30 9 Bytes JMP 7FC108FE .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtOpenProcessToken + A 77132C3A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtOpenProcess 77132C50 9 Bytes JMP 7FC103F2 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtOpenProcess + A 77132C5A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtOpenFile + 5 77132DB5 2 Bytes [BA, 68] .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtOpenFile + 8 77132DB8 1 Byte [65] .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtOpenFile + 8 77132DB8 4 Bytes [65, 00, FF, E2] .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtOpenEvent 77132DF0 5 Bytes JMP 7FC10832 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtMapViewOfSection 77132F30 9 Bytes JMP 7FC10018 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtMapViewOfSection + A 77132F3A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtLoadDriver 771330F0 5 Bytes JMP 7FC106BC .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtDuplicateObject 771336D0 5 Bytes JMP 7FC10436 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtCreateThreadEx 77133A80 5 Bytes JMP 7FC10304 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtCreateThread 77133AA0 5 Bytes JMP 7FC10326 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtCreateSection 77133B00 5 Bytes JMP 7FC10986 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtCreateProcessEx 77133B80 5 Bytes JMP 7FC1036A .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtCreateProcess 77133BA0 5 Bytes JMP 7FC10348 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtCreateMutant 77133C40 5 Bytes JMP 7FC10854 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtCreateFile 77133D80 7 Bytes JMP 7FC10128 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtCreateFile + 8 77133D88 1 Byte [65] .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtCreateFile + 8 77133D88 4 Bytes [65, 00, FF, E2] .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtClose 77133FE0 5 Bytes JMP 7FC1069A .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!NtAdjustPrivilegesToken 77134540 5 Bytes JMP 7FC107AA .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ntdll.dll!RtlCreateProcessParameters 7716DFB0 5 Bytes JMP 7FC1014A .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] KERNEL32.DLL!GetStartupInfoA 75607A80 5 Bytes JMP 7FC100E4 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] KERNEL32.DLL!Process32NextW 756083B0 5 Bytes JMP 7FC10678 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] KERNEL32.DLL!MoveFileWithProgressA 7560BF30 5 Bytes JMP 7FC10766 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] KERNEL32.DLL!CreateToolhelp32Snapshot 7560E270 5 Bytes JMP 7FC1025A .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] KERNEL32.DLL!MoveFileExA 75642610 5 Bytes JMP 7FC10722 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] KERNEL32.DLL!WinExec 756453B0 5 Bytes JMP 7FC1029E .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] USER32.dll!PeekMessageA 756A9CE0 5 Bytes JMP 7FC10BA6 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] USER32.dll!PeekMessageW 756A9E40 5 Bytes JMP 7FC10BC8 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] USER32.dll!GetWindowLongA 756B0440 5 Bytes JMP 7FC10DE8 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] USER32.dll!GetWindowLongW 756B05C0 5 Bytes JMP 7FC10E0A .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] USER32.dll!SetWindowTextW 756B3E80 5 Bytes JMP 7FC10D3E .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] USER32.dll!SetWindowLongW 756B3F90 5 Bytes JMP 7FC10E4E .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] USER32.dll!SetWindowLongA 756B4190 5 Bytes JMP 7FC10E2C .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] USER32.dll!UserClientDllInitialize 756B47D0 5 Bytes JMP 7FC109CA .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] USER32.dll!CallNextHookEx 756B8630 5 Bytes JMP 7FC10BEA .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] USER32.dll!CreateWindowExA 756BA0A0 5 Bytes JMP 7FC10C50 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] USER32.dll!FindWindowExA 756BA0F0 5 Bytes JMP 7FC10D82 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] USER32.dll!CreateWindowExW 756BB8D0 5 Bytes JMP 7FC10C2E .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] USER32.dll!CreateDialogIndirectParamAorW 756C17D0 5 Bytes JMP 7FC10C94 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] USER32.dll!DialogBoxIndirectParamAorW 756C39C0 5 Bytes JMP 7FC10CB6 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] USER32.dll!FindWindowExW 756C4230 5 Bytes JMP 7FC10DC6 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] USER32.dll!GetMessageW 756C84E0 5 Bytes JMP 7FC10B84 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] USER32.dll!GetMessageA 756C90A0 5 Bytes JMP 7FC10B62 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] USER32.dll!FindWindowW 756C9ED0 5 Bytes JMP 7FC10DA4 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] USER32.dll!SetWindowsHookExW 756CA360 5 Bytes JMP 7FC10B1E .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] USER32.dll!SetWinEventHook 756CA5C0 5 Bytes JMP 7FC10B40 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] USER32.dll!SendNotifyMessageW 756CAA20 5 Bytes JMP 7FC10E92 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] USER32.dll!SetWindowTextA 756CBEC0 5 Bytes JMP 7FC10D1C .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] USER32.dll!FindWindowA 756CE230 5 Bytes JMP 7FC10D60 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] USER32.dll!SendNotifyMessageA 756D5850 5 Bytes JMP 7FC10E70 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] USER32.dll!SetWindowsHookExA 756D5EB0 5 Bytes JMP 7FC10AFC .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] USER32.dll!ShowWindow 756D9420 5 Bytes JMP 7FC10C72 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] USER32.dll!UnhookWindowsHookEx 756D94E0 5 Bytes JMP 7FC10C0C .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] USER32.dll!MessageBoxExA 7571E7F0 5 Bytes JMP 7FC10CD8 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] USER32.dll!MessageBoxExW 7571E820 5 Bytes JMP 7FC10CFA .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] GDI32.dll!Gdi32DllInitialize 74E762D0 5 Bytes JMP 7FC109EC .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] GDI32.dll!ClearBrushAttributes 74E798E0 5 Bytes JMP 7FC10AB8 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] GDI32.dll!NamedEscape 74E7C2E0 5 Bytes JMP 7FC10ADA .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] GDI32.dll!SetBrushAttributes 74E7E5E0 5 Bytes JMP 7FC10A96 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ADVAPI32.dll!LsaLookupPrivilegeValue + 70 74F4E990 5 Bytes JMP 7FC10A0E .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ADVAPI32.dll!CryptAcquireContextW 74F4F550 5 Bytes JMP 7FC11090 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ADVAPI32.dll!CryptGetHashParam 74F4F750 5 Bytes JMP 7FC1113A .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ADVAPI32.dll!CryptCreateHash 74F4F8C0 5 Bytes JMP 7FC110F6 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ADVAPI32.dll!CryptHashData 74F4F990 5 Bytes JMP 7FC1115C .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ADVAPI32.dll!CryptImportKey 74F4FC00 5 Bytes JMP 7FC1117E .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ADVAPI32.dll!CryptExportKey 74F4FDC0 5 Bytes JMP 7FC11118 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ADVAPI32.dll!CryptAcquireContextA 74F50890 5 Bytes JMP 7FC1106E .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ADVAPI32.dll!CryptGenKey 74F53BF0 5 Bytes JMP 7FC110B2 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ADVAPI32.dll!CreateServiceA 74F62E40 5 Bytes JMP 7FC1102A .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ADVAPI32.dll!CreateServiceW 74F62E60 5 Bytes JMP 7FC1104C .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] ADVAPI32.dll!CryptEncrypt 74F633C0 5 Bytes JMP 7FC110D4 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] msvcrt.dll!_wfindnexti64 + 110 75B956A0 5 Bytes JMP 7FC10A30 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] msvcrt.dll!__p__environ 75B95920 5 Bytes JMP 7FC10EB4 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] msvcrt.dll!__p__fmode 75B95940 5 Bytes JMP 7FC10ED6 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] SHELL32.dll!Shell_NotifyIconW 75E27300 5 Bytes JMP 7FC111A0 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] SHELL32.dll!SetCurrentProcessExplicitAppUserModelID + 1910 75E780B0 5 Bytes JMP 7FC10A74 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] WS2_32.dll!connect 74C34CF0 1 Byte [E9] .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] WS2_32.dll!connect 74C34CF0 5 Bytes JMP 7FC112F4 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] WS2_32.dll!send 74C34F50 5 Bytes JMP 7FC112B0 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] WS2_32.dll!GetAddrInfoW 74C3AF10 5 Bytes JMP 7FC11316 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] WS2_32.dll!recv 74C42000 1 Byte [E9] .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] WS2_32.dll!recv 74C42000 5 Bytes JMP 7FC11404 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] WS2_32.dll!closesocket 74C42980 5 Bytes JMP 7FC1139E .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] WS2_32.dll!WSASend 74C43360 5 Bytes JMP 7FC112D2 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] WS2_32.dll!WSARecv 74C436A0 5 Bytes JMP 7FC11426 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] WS2_32.dll!WSASocketW 74C43BC0 5 Bytes JMP 7FC1137C .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] WS2_32.dll!GetAddrInfoExW 74C44A90 5 Bytes JMP 7FC11338 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] WS2_32.dll!GetAddrInfoExW + 6D50 74C4B7E0 5 Bytes JMP 7FC111C2 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] WS2_32.dll!socket 74C4C850 5 Bytes JMP 7FC113C0 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] WS2_32.dll!gethostbyname 74C62A10 5 Bytes JMP 7FC1135A .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8164] WS2_32.dll!WSAConnect 74C69EC0 5 Bytes JMP 7FC113E2 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!RtlQueryPerformanceCounter 770C4990 5 Bytes JMP 7F7A00C2 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!RtlEqualSid 770CED80 5 Bytes JMP 7F7A09A8 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!RtlCreateProcessParametersEx 770FED70 5 Bytes JMP 7F7A016C .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!RtlReportException 77103470 5 Bytes JMP 7F7A0612 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!RtlExitUserProcess 771036F0 5 Bytes JMP 7F7A01D2 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtWriteVirtualMemory 77131090 5 Bytes JMP 7F7A03AE .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtUnmapViewOfSection 77131290 5 Bytes JMP 7F7A003A .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtTerminateProcess 77131460 5 Bytes JMP 7F7A0634 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtSystemDebugControl 771314A0 5 Bytes JMP 7F7A0A0E .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtSuspendThread 771314C0 5 Bytes JMP 7F7A0458 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtSuspendProcess 771314E0 5 Bytes JMP 7F7A047A .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtSetValueKey 77131620 5 Bytes JMP 7F7A01B0 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtSetSystemInformation 77131720 5 Bytes JMP 7F7A0744 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtSetSecurityObject 77131780 5 Bytes JMP 7F7A0832 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtSetInformationProcess 771319A0 5 Bytes JMP 7F7A0656 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtSetContextThread 77131BC0 5 Bytes JMP 7F7A03D0 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtRaiseHardError 77132180 5 Bytes JMP 7F7A05F0 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtQueueApcThread 771321E0 5 Bytes JMP 7F7A0414 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtQueryInformationToken 77132630 5 Bytes JMP 7F7A0986 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtOpenSection 77132BB0 5 Bytes JMP 7F7A09CA .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtOpenProcessToken 77132C30 5 Bytes JMP 7F7A0964 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtOpenProcess 77132C50 5 Bytes JMP 7F7A03F2 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtOpenEvent 77132DF0 5 Bytes JMP 7F7A0898 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtMapViewOfSection 77132F30 5 Bytes JMP 7F7A0018 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtLoadDriver 771330F0 5 Bytes JMP 7F7A0722 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtDuplicateObject 771336D0 5 Bytes JMP 7F7A0436 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtCreateThreadEx 77133A80 5 Bytes JMP 7F7A0304 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtCreateThread 77133AA0 5 Bytes JMP 7F7A0326 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtCreateSection 77133B00 5 Bytes JMP 7F7A09EC .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtCreateProcessEx 77133B80 5 Bytes JMP 7F7A036A .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtCreateProcess 77133BA0 5 Bytes JMP 7F7A0348 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtCreateMutant 77133C40 5 Bytes JMP 7F7A08BA .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtCreateFile 77133D80 5 Bytes JMP 7F7A0128 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtClose 77133FE0 5 Bytes JMP 7F7A0700 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!NtAdjustPrivilegesToken 77134540 5 Bytes JMP 7F7A0810 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ntdll.dll!RtlCreateProcessParameters 7716DFB0 5 Bytes JMP 7F7A014A .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] KERNEL32.DLL!GetStartupInfoA 75607A80 5 Bytes JMP 7F7A00E4 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] KERNEL32.DLL!Process32NextW 756083B0 5 Bytes JMP 7F7A06DE .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] KERNEL32.DLL!MoveFileWithProgressA 7560BF30 5 Bytes JMP 7F7A07CC .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] KERNEL32.DLL!CreateToolhelp32Snapshot 7560E270 5 Bytes JMP 7F7A025A .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] KERNEL32.DLL!MoveFileExA 75642610 5 Bytes JMP 7F7A0788 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] KERNEL32.DLL!WinExec 756453B0 5 Bytes JMP 7F7A029E .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] USER32.dll!PeekMessageA 756A9CE0 5 Bytes JMP 7F7A0C0C .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] USER32.dll!PeekMessageW 756A9E40 5 Bytes JMP 7F7A0C2E .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] USER32.dll!GetWindowLongA 756B0440 5 Bytes JMP 7F7A0E4E .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] USER32.dll!GetWindowLongW 756B05C0 5 Bytes JMP 7F7A0E70 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] USER32.dll!SetWindowTextW 756B3E80 5 Bytes JMP 7F7A0DA4 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] USER32.dll!SetWindowLongW 756B3F90 5 Bytes JMP 7F7A0EB4 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] USER32.dll!SetWindowLongA 756B4190 5 Bytes JMP 7F7A0E92 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] USER32.dll!UserClientDllInitialize 756B47D0 5 Bytes JMP 7F7A0A30 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] USER32.dll!CallNextHookEx 756B8630 5 Bytes JMP 7F7A0C50 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] USER32.dll!CreateWindowExA 756BA0A0 5 Bytes JMP 7F7A0CB6 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] USER32.dll!FindWindowExA 756BA0F0 5 Bytes JMP 7F7A0DE8 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] USER32.dll!CreateWindowExW 756BB8D0 5 Bytes JMP 7F7A0C94 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] USER32.dll!CreateDialogIndirectParamAorW 756C17D0 5 Bytes JMP 7F7A0CFA .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] USER32.dll!DialogBoxIndirectParamAorW 756C39C0 5 Bytes JMP 7F7A0D1C .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] USER32.dll!FindWindowExW 756C4230 5 Bytes JMP 7F7A0E2C .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] USER32.dll!GetMessageW 756C84E0 5 Bytes JMP 7F7A0BEA .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] USER32.dll!GetMessageA 756C90A0 5 Bytes JMP 7F7A0BC8 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] USER32.dll!FindWindowW 756C9ED0 5 Bytes JMP 7F7A0E0A .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] USER32.dll!SetWindowsHookExW 756CA360 5 Bytes JMP 7F7A0B84 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] USER32.dll!SetWinEventHook 756CA5C0 5 Bytes JMP 7F7A0BA6 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] USER32.dll!SendNotifyMessageW 756CAA20 5 Bytes JMP 7F7A0EF8 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] USER32.dll!SetWindowTextA 756CBEC0 5 Bytes JMP 7F7A0D82 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] USER32.dll!FindWindowA 756CE230 5 Bytes JMP 7F7A0DC6 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] USER32.dll!SendNotifyMessageA 756D5850 5 Bytes JMP 7F7A0ED6 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] USER32.dll!SetWindowsHookExA 756D5EB0 5 Bytes JMP 7F7A0B62 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] USER32.dll!ShowWindow 756D9420 5 Bytes JMP 7F7A0CD8 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] USER32.dll!UnhookWindowsHookEx 756D94E0 5 Bytes JMP 7F7A0C72 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] USER32.dll!MessageBoxExA 7571E7F0 5 Bytes JMP 7F7A0D3E .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] USER32.dll!MessageBoxExW 7571E820 5 Bytes JMP 7F7A0D60 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] GDI32.dll!Gdi32DllInitialize 74E762D0 5 Bytes JMP 7F7A0A52 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] GDI32.dll!ClearBrushAttributes 74E798E0 5 Bytes JMP 7F7A0B1E .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] GDI32.dll!NamedEscape 74E7C2E0 5 Bytes JMP 7F7A0B40 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] GDI32.dll!SetBrushAttributes 74E7E5E0 5 Bytes JMP 7F7A0AFC .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ADVAPI32.dll!LsaLookupPrivilegeValue + 70 74F4E990 5 Bytes JMP 7F7A0A74 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ADVAPI32.dll!CryptAcquireContextW 74F4F550 5 Bytes JMP 7F7A10F6 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ADVAPI32.dll!CryptGetHashParam 74F4F750 5 Bytes JMP 7F7A11A0 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ADVAPI32.dll!CryptCreateHash 74F4F8C0 5 Bytes JMP 7F7A115C .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ADVAPI32.dll!CryptHashData 74F4F990 5 Bytes JMP 7F7A11C2 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ADVAPI32.dll!CryptImportKey 74F4FC00 5 Bytes JMP 7F7A11E4 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ADVAPI32.dll!CryptExportKey 74F4FDC0 5 Bytes JMP 7F7A117E .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ADVAPI32.dll!CryptAcquireContextA 74F50890 5 Bytes JMP 7F7A10D4 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ADVAPI32.dll!CryptGenKey 74F53BF0 5 Bytes JMP 7F7A1118 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ADVAPI32.dll!CreateServiceA 74F62E40 5 Bytes JMP 7F7A1090 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ADVAPI32.dll!CreateServiceW 74F62E60 5 Bytes JMP 7F7A10B2 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] ADVAPI32.dll!CryptEncrypt 74F633C0 5 Bytes JMP 7F7A113A .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] msvcrt.dll!_wfindnexti64 + 110 75B956A0 5 Bytes JMP 7F7A0A96 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] msvcrt.dll!__p__environ 75B95920 5 Bytes JMP 7F7A0F1A .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] msvcrt.dll!__p__fmode 75B95940 5 Bytes JMP 7F7A0F3C .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] SHELL32.dll!Shell_NotifyIconW 75E27300 5 Bytes JMP 7F7A1206 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] SHELL32.dll!SetCurrentProcessExplicitAppUserModelID + 1910 75E780B0 5 Bytes JMP 7F7A0ADA .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] WS2_32.dll!connect 74C34CF0 1 Byte [E9] .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] WS2_32.dll!connect 74C34CF0 5 Bytes JMP 7F7A12F4 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] WS2_32.dll!send 74C34F50 5 Bytes JMP 7F7A12B0 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] WS2_32.dll!GetAddrInfoW 74C3AF10 5 Bytes JMP 7F7A1316 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] WS2_32.dll!recv 74C42000 1 Byte [E9] .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] WS2_32.dll!recv 74C42000 5 Bytes JMP 7F7A1404 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] WS2_32.dll!closesocket 74C42980 5 Bytes JMP 7F7A139E .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] WS2_32.dll!WSASend 74C43360 5 Bytes JMP 7F7A12D2 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] WS2_32.dll!WSARecv 74C436A0 5 Bytes JMP 7F7A1426 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] WS2_32.dll!WSASocketW 74C43BC0 5 Bytes JMP 7F7A137C .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] WS2_32.dll!GetAddrInfoExW 74C44A90 5 Bytes JMP 7F7A1338 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] WS2_32.dll!GetAddrInfoExW + 6D50 74C4B7E0 5 Bytes JMP 7F7A1228 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] WS2_32.dll!socket 74C4C850 5 Bytes JMP 7F7A13C0 .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] WS2_32.dll!gethostbyname 74C62A10 5 Bytes JMP 7F7A135A .text C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe[8204] WS2_32.dll!WSAConnect 74C69EC0 5 Bytes JMP 7F7A13E2 .text C:\Program Files\Bitdefender\Bitdefender Device Management\dmiface.exe[8384] KERNEL32.DLL!UnhandledExceptionFilter 75622D40 5 Bytes JMP 020305A8 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!RtlQueryPerformanceCounter 770C4990 5 Bytes JMP 7EF100C2 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!RtlEqualSid 770CED80 5 Bytes JMP 7EF109A8 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!RtlCreateProcessParametersEx 770FED70 5 Bytes JMP 7EF1016C .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!RtlReportException 77103470 5 Bytes JMP 7EF10612 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!RtlExitUserProcess 771036F0 5 Bytes JMP 7EF101D2 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtWriteVirtualMemory 77131090 5 Bytes JMP 7EF103AE .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtUnmapViewOfSection 77131290 5 Bytes JMP 7EF1003A .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtTerminateProcess 77131460 5 Bytes JMP 7EF10634 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtSystemDebugControl 771314A0 5 Bytes JMP 7EF10A0E .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtSuspendThread 771314C0 5 Bytes JMP 7EF10458 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtSuspendProcess 771314E0 5 Bytes JMP 7EF1047A .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtSetValueKey 77131620 5 Bytes JMP 7EF101B0 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtSetSystemInformation 77131720 5 Bytes JMP 7EF10744 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtSetSecurityObject 77131780 5 Bytes JMP 7EF10832 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtSetInformationProcess 771319A0 5 Bytes JMP 7EF10656 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtSetContextThread 77131BC0 5 Bytes JMP 7EF103D0 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtRaiseHardError 77132180 5 Bytes JMP 7EF105F0 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtQueueApcThread 771321E0 5 Bytes JMP 7EF10414 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtQueryInformationToken 77132630 5 Bytes JMP 7EF10986 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtOpenSection 77132BB0 5 Bytes JMP 7EF109CA .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtOpenProcessToken 77132C30 5 Bytes JMP 7EF10964 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtOpenProcess 77132C50 5 Bytes JMP 7EF103F2 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtOpenEvent 77132DF0 5 Bytes JMP 7EF10898 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtMapViewOfSection 77132F30 5 Bytes JMP 7EF10018 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtLoadDriver 771330F0 5 Bytes JMP 7EF10722 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtDuplicateObject 771336D0 5 Bytes JMP 7EF10436 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtCreateThreadEx 77133A80 5 Bytes JMP 7EF10304 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtCreateThread 77133AA0 5 Bytes JMP 7EF10326 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtCreateSection 77133B00 5 Bytes JMP 7EF109EC .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtCreateProcessEx 77133B80 5 Bytes JMP 7EF1036A .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtCreateProcess 77133BA0 5 Bytes JMP 7EF10348 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtCreateMutant 77133C40 5 Bytes JMP 7EF108BA .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtCreateFile 77133D80 5 Bytes JMP 7EF10128 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtClose 77133FE0 5 Bytes JMP 7EF10700 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!NtAdjustPrivilegesToken 77134540 5 Bytes JMP 7EF10810 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ntdll.dll!RtlCreateProcessParameters 7716DFB0 5 Bytes JMP 7EF1014A .text C:\WINDOWS\system32\AUDIODG.EXE[8692] KERNEL32.DLL!GetStartupInfoA 75607A80 5 Bytes JMP 7EF100E4 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] KERNEL32.DLL!Process32NextW 756083B0 5 Bytes JMP 7EF106DE .text C:\WINDOWS\system32\AUDIODG.EXE[8692] KERNEL32.DLL!MoveFileWithProgressA 7560BF30 5 Bytes JMP 7EF107CC .text C:\WINDOWS\system32\AUDIODG.EXE[8692] KERNEL32.DLL!CreateToolhelp32Snapshot 7560E270 5 Bytes JMP 7EF1025A .text C:\WINDOWS\system32\AUDIODG.EXE[8692] KERNEL32.DLL!MoveFileExA 75642610 5 Bytes JMP 7EF10788 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] KERNEL32.DLL!WinExec 756453B0 5 Bytes JMP 7EF1029E .text C:\WINDOWS\system32\AUDIODG.EXE[8692] msvcrt.dll!_wfindnexti64 + 110 75B956A0 5 Bytes JMP 7EF10A30 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] msvcrt.dll!__p__environ 75B95920 5 Bytes JMP 7EF10A74 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] msvcrt.dll!__p__fmode 75B95940 5 Bytes JMP 7EF10A96 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] user32.dll!PeekMessageA 756A9CE0 5 Bytes JMP 7EF10D3E .text C:\WINDOWS\system32\AUDIODG.EXE[8692] user32.dll!PeekMessageW 756A9E40 5 Bytes JMP 7EF10D60 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] user32.dll!GetWindowLongA 756B0440 5 Bytes JMP 7EF10F80 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] user32.dll!GetWindowLongW 756B05C0 5 Bytes JMP 7EF10FA2 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] user32.dll!SetWindowTextW 756B3E80 5 Bytes JMP 7EF10ED6 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] user32.dll!SetWindowLongW 756B3F90 5 Bytes JMP 7EF10FE6 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] user32.dll!SetWindowLongA 756B4190 5 Bytes JMP 7EF10FC4 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] user32.dll!UserClientDllInitialize 756B47D0 5 Bytes JMP 7EF10BEA .text C:\WINDOWS\system32\AUDIODG.EXE[8692] user32.dll!CallNextHookEx 756B8630 5 Bytes JMP 7EF10D82 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] user32.dll!CreateWindowExA 756BA0A0 5 Bytes JMP 7EF10DE8 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] user32.dll!FindWindowExA 756BA0F0 5 Bytes JMP 7EF10F1A .text C:\WINDOWS\system32\AUDIODG.EXE[8692] user32.dll!CreateWindowExW 756BB8D0 5 Bytes JMP 7EF10DC6 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] user32.dll!CreateDialogIndirectParamAorW 756C17D0 5 Bytes JMP 7EF10E2C .text C:\WINDOWS\system32\AUDIODG.EXE[8692] user32.dll!DialogBoxIndirectParamAorW 756C39C0 5 Bytes JMP 7EF10E4E .text C:\WINDOWS\system32\AUDIODG.EXE[8692] user32.dll!FindWindowExW 756C4230 5 Bytes JMP 7EF10F5E .text C:\WINDOWS\system32\AUDIODG.EXE[8692] user32.dll!GetMessageW 756C84E0 5 Bytes JMP 7EF10D1C .text C:\WINDOWS\system32\AUDIODG.EXE[8692] user32.dll!GetMessageA 756C90A0 5 Bytes JMP 7EF10CFA .text C:\WINDOWS\system32\AUDIODG.EXE[8692] user32.dll!FindWindowW 756C9ED0 5 Bytes JMP 7EF10F3C .text C:\WINDOWS\system32\AUDIODG.EXE[8692] user32.dll!SetWindowsHookExW 756CA360 5 Bytes JMP 7EF10CB6 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] user32.dll!SetWinEventHook 756CA5C0 5 Bytes JMP 7EF10CD8 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] user32.dll!SendNotifyMessageW 756CAA20 5 Bytes JMP 7EF1102A .text C:\WINDOWS\system32\AUDIODG.EXE[8692] user32.dll!SetWindowTextA 756CBEC0 5 Bytes JMP 7EF10EB4 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] user32.dll!FindWindowA 756CE230 5 Bytes JMP 7EF10EF8 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] user32.dll!SendNotifyMessageA 756D5850 5 Bytes JMP 7EF11008 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] user32.dll!SetWindowsHookExA 756D5EB0 5 Bytes JMP 7EF10C94 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] user32.dll!ShowWindow 756D9420 5 Bytes JMP 7EF10E0A .text C:\WINDOWS\system32\AUDIODG.EXE[8692] user32.dll!UnhookWindowsHookEx 756D94E0 5 Bytes JMP 7EF10DA4 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] user32.dll!MessageBoxExA 7571E7F0 5 Bytes JMP 7EF10E70 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] user32.dll!MessageBoxExW 7571E820 5 Bytes JMP 7EF10E92 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] GDI32.dll!Gdi32DllInitialize 74E762D0 5 Bytes JMP 7EF10C0C .text C:\WINDOWS\system32\AUDIODG.EXE[8692] GDI32.dll!ClearBrushAttributes 74E798E0 5 Bytes JMP 7EF10C50 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] GDI32.dll!NamedEscape 74E7C2E0 5 Bytes JMP 7EF10C72 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] GDI32.dll!SetBrushAttributes 74E7E5E0 5 Bytes JMP 7EF10C2E .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ADVAPI32.dll!LsaLookupPrivilegeValue + 70 74F4E990 5 Bytes JMP 7EF1104C .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ADVAPI32.dll!CryptAcquireContextW 74F4F550 5 Bytes JMP 7EF110F6 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ADVAPI32.dll!CryptGetHashParam 74F4F750 5 Bytes JMP 7EF111A0 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ADVAPI32.dll!CryptCreateHash 74F4F8C0 5 Bytes JMP 7EF1115C .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ADVAPI32.dll!CryptHashData 74F4F990 5 Bytes JMP 7EF111C2 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ADVAPI32.dll!CryptImportKey 74F4FC00 5 Bytes JMP 7EF111E4 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ADVAPI32.dll!CryptExportKey 74F4FDC0 5 Bytes JMP 7EF1117E .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ADVAPI32.dll!CryptAcquireContextA 74F50890 5 Bytes JMP 7EF110D4 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ADVAPI32.dll!CryptGenKey 74F53BF0 5 Bytes JMP 7EF11118 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ADVAPI32.dll!CreateServiceA 74F62E40 5 Bytes JMP 7EF11090 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ADVAPI32.dll!CreateServiceW 74F62E60 5 Bytes JMP 7EF110B2 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] ADVAPI32.dll!CryptEncrypt 74F633C0 5 Bytes JMP 7EF1113A .text C:\WINDOWS\system32\AUDIODG.EXE[8692] WS2_32.dll!connect 74C34CF0 5 Bytes JMP 7EF1124A .text C:\WINDOWS\system32\AUDIODG.EXE[8692] WS2_32.dll!send 74C34F50 5 Bytes JMP 7EF11206 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] WS2_32.dll!GetAddrInfoW 74C3AF10 5 Bytes JMP 7EF1126C .text C:\WINDOWS\system32\AUDIODG.EXE[8692] WS2_32.dll!recv 74C42000 5 Bytes JMP 7EF1135A .text C:\WINDOWS\system32\AUDIODG.EXE[8692] WS2_32.dll!closesocket 74C42980 5 Bytes JMP 7EF112F4 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] WS2_32.dll!WSASend 74C43360 5 Bytes JMP 7EF11228 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] WS2_32.dll!WSARecv 74C436A0 5 Bytes JMP 7EF1137C .text C:\WINDOWS\system32\AUDIODG.EXE[8692] WS2_32.dll!WSASocketW 74C43BC0 5 Bytes JMP 7EF112D2 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] WS2_32.dll!GetAddrInfoExW 74C44A90 5 Bytes JMP 7EF1128E .text C:\WINDOWS\system32\AUDIODG.EXE[8692] WS2_32.dll!GetAddrInfoExW + 6D50 74C4B7E0 5 Bytes JMP 7EF1106E .text C:\WINDOWS\system32\AUDIODG.EXE[8692] WS2_32.dll!socket 74C4C850 5 Bytes JMP 7EF11316 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] WS2_32.dll!gethostbyname 74C62A10 5 Bytes JMP 7EF112B0 .text C:\WINDOWS\system32\AUDIODG.EXE[8692] WS2_32.dll!WSAConnect 74C69EC0 5 Bytes JMP 7EF11338 .text C:\WINDOWS\system32\SettingSyncHost.exe[9248] user32.dll!FindWindowW 756C9ED0 1 Byte [E9] .text C:\WINDOWS\system32\SettingSyncHost.exe[9248] GDI32.dll!NamedEscape 74E7C2E0 1 Byte [E9] .text C:\Windows\System32\smartscreen.exe[9856] user32.dll!CreateWindowExW + 3 756BB8D3 2 Bytes [67, 0A] ---- Devices - GMER 2.2 ---- Device \Driver\BTHUSB \Device\00000047 bthport.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 iorate.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 volume.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 iorate.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 volume.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 iorate.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 volume.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 iorate.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 volume.sys ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 605977058 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269ccef70 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269ccef70@f4f5a58a30e9 0xEB 0x46 0x32 0x6C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9fa1bb10-036b-4242-92b4-da7c768ac188}@LeaseObtainedTime 1494890969 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9fa1bb10-036b-4242-92b4-da7c768ac188}@T1 1494892769 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9fa1bb10-036b-4242-92b4-da7c768ac188}@T2 1494894119 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9fa1bb10-036b-4242-92b4-da7c768ac188}@LeaseTerminatesTime 1494894569 Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xE3 0x09 0x25 0xC8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xE3 0x71 0xE9 0x29 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xE3 0xA1 0x60 0x66 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing@SessionIdHigh 30592451 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing@SessionIdLow 1735440896 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack@LastSuccessfulUploadTime 0xDE 0x8E 0xEB 0x46 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\HeartBeats\Default@LastHeartBeatTime 0xED 0x15 0x57 0xEF ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\SettingsRequests@LastDownloadTime 0x6F 0x62 0x2E 0x46 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\SettingsRequests\telemetry.ASM-WindowsDefault@LastDownloadTime 0x33 0x1B 0xFD 0x2C ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\SettingsRequests\TELEMETRY.ASM-WINDOWSSQ@LastDownloadTime 0x33 0x1B 0xFD 0x2C ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\SettingsRequests\utc.app@LastDownloadTime 0x33 0x1B 0xFD 0x2C ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\SettingsRequests\WINDOWS.DIAGNOSTICS@LastDownloadTime 0x6F 0x62 0x2E 0x46 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate@LastTaskOperationHandle 33 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0xE3 0xFF 0x94 0xC6 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume3\programy\MailShare\MailShare.exe 0x41 0x80 0xC2 0x68 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\Windows\System32\wbem\WmiPrvSE.exe 0xBF 0xFA 0x89 0x2F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume3\Steam\steamapps\common\EDGE\_CommonRedist\DirectX\Jun2010\DXSETUP.exe 0x53 0xB0 0x6A 0xA4 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume3\Steam\steamapps\common\SpaceChem\SpaceChem.exe 0x7E 0xDC 0x14 0xC3 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume3\Steam\steamapps\common\Dawn of War 2\Install\DXSETUP.exe 0x6E 0x92 0x15 0x58 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\$WINDOWS.~BT\Sources\SetupPlatform.exe 0x6F 0x66 0x8C 0x39 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Windows\System32\taskhostw.exe 0xF8 0xE3 0x6A 0x69 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe 0x78 0xBD 0xD0 0xCA ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe 0x7D 0xBC 0x66 0x73 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0xC0 0xA6 0x27 0xCA ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Windows\System32\mmc.exe 0xBB 0x77 0x49 0x0C ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Windows\System32\svchost.exe 0xF6 0xD6 0x8B 0x5B ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Windows\System32\CompatTelRunner.exe 0x86 0xDB 0xDD 0x78 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Program Files\Handbrake\Handbrake.exe 0x62 0xB8 0xD1 0xB9 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Windows\System32\msiexec.exe 0x10 0xA9 0x38 0xD6 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Users\konra_000\AppData\Local\SmimeAX\Bootstrap.exe 0x25 0x92 0x6D 0xC4 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Windows\System32\tzsync.exe 0x34 0xB5 0x27 0x73 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Windows\System32\sdiagnhost.exe 0x5E 0x07 0xFF 0x70 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Program Files\GameStop App\NativeServices\GSANative.exe 0x6F 0x25 0x45 0x58 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\ProgramData\Stardock\Impulse\Temporary\ExtractedFiles\impulse_main\Base\ImpulseSelfRefresh.exe 0xC6 0xCF 0x7A 0x06 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe 0x99 0x68 0xD7 0x1F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Windows\System32\backgroundTaskHost.exe 0x78 0x66 0xC2 0xA4 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.WindowsStore_11608.1001.49.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe 0x13 0x1B 0x20 0xBF ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x86__kzf8qxf38zg5c\SkypeHost.exe 0x29 0x30 0x5B 0xB0 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.XboxApp_19.22.6017.0_x86__8wekyb3d8bbwe\XboxApp.exe 0xD3 0x05 0xAF 0x67 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.Messaging_3.19.1001.0_x86__8wekyb3d8bbwe\MessagingApplication.exe 0x65 0x34 0x26 0x54 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.WindowsStore_11609.1001.24.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe 0x1B 0xFD 0xFA 0xC9 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.WindowsStore_11609.1001.26.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe 0xFE 0x41 0x62 0xA8 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.WindowsStore_11609.1001.28.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe 0xCA 0xA7 0x6C 0x7E ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.10.0_x86__8wekyb3d8bbwe\WinStore.App.exe 0x60 0x61 0xCF 0x53 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1111.10000.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe 0xF6 0xFC 0x49 0x48 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe 0x15 0x2E 0xD3 0xC0 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.XboxApp_22.23.18005.0_x86__8wekyb3d8bbwe\XboxApp.exe 0x41 0xE5 0x26 0x4E ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.12.11301.0_x86__8wekyb3d8bbwe\Solitaire.exe 0x36 0x6B 0xDF 0x2F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.23.0_x86__8wekyb3d8bbwe\WinStore.App.exe 0x4A 0x1B 0x8E 0x8E ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.XboxApp_24.24.20004.0_x86__8wekyb3d8bbwe\XboxApp.exe 0xCA 0x3D 0xE9 0x22 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.12.12200.0_x86__8wekyb3d8bbwe\Solitaire.exe 0x26 0xEC 0x08 0xD4 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x86__8wekyb3d8bbwe\WinStore.App.exe 0xAA 0xF0 0xE6 0x33 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.Getstarted_4.4.11.0_x86__8wekyb3d8bbwe\WhatsNew.Store.exe 0xD3 0xB8 0xB0 0xF2 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.Getstarted_4.5.6.0_x86__8wekyb3d8bbwe\WhatsNew.Store.exe 0xE8 0x61 0xAD 0x88 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x86__kzf8qxf38zg5c\SkypeApp.exe 0x61 0x52 0x3A 0xD7 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x86__kzf8qxf38zg5c\SkypeApp.exe 0x88 0x5A 0xB0 0xEA ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.15.2140.0_x86__8wekyb3d8bbwe\Solitaire.exe 0x22 0xAC 0x0C 0x73 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe 0x2E 0x76 0x8C 0xDC ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.79.0_x86__8wekyb3d8bbwe\WinStore.App.exe 0x70 0xFE 0x38 0x1F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x86__kzf8qxf38zg5c\SkypeApp.exe 0x04 0x97 0x57 0xA1 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.XboxApp_24.27.14009.0_x86__8wekyb3d8bbwe\XboxApp.exe 0x0E 0xC2 0xF3 0x2B ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.XboxApp_24.27.17008.0_x86__8wekyb3d8bbwe\XboxApp.exe 0xCD 0xA6 0x02 0xBC ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.XboxApp_27.27.28010.0_x86__8wekyb3d8bbwe\XboxApp.exe 0x2E 0xDE 0x9A 0x0C ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe 0x50 0xBA 0x5C 0x1D ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.Getstarted_5.0.13.0_x86__8wekyb3d8bbwe\WhatsNew.Store.exe 0xAE 0x41 0x9E 0x58 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x86__kzf8qxf38zg5c\SkypeApp.exe 0x98 0x17 0x1A 0x18 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.XboxApp_27.28.8007.0_x86__8wekyb3d8bbwe\XboxApp.exe 0xF4 0x8D 0xC9 0xAD ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x86__kzf8qxf38zg5c\SkypeApp.exe 0xB5 0x78 0x52 0xBA ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe 0x4F 0xFA 0x58 0x5C ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x86__kzf8qxf38zg5c\SkypeApp.exe 0x9E 0x0F 0x64 0x16 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1703.971.0_x86__8wekyb3d8bbwe\PilotshubApp.exe 0xDD 0x5A 0x96 0x43 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\System32/mrt100.dll@\Device\HarddiskVolume2\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x86__8wekyb3d8bbwe\WinStore.App.exe 0xE0 0x55 0xF5 0x84 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@D06B523C 25 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2655180193-3343946426-3718023734-1001@RefCount 11 Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@NewClientID 403 Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{CF34D874-F7B3-11E3-AF9C-806E6F6E6963} 26199685464 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Search@JumpListChangedAppIds 308046B0AF4A39CB?{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\WinRAR\WinRAR.exe?{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\notepad.exe?Microsoft.Windows.Photos_8wekyb3d8bbwe!App?Bitdefender? Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations 2 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\wireless@PendingOperations 8 ---- EOF - GMER 2.2 ----