GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-12-21 21:49:38 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006f Hitachi_ rev.JE4O 698,64GB Running: ib1vpvvr.exe; Driver: C:\Users\Ruka\AppData\Local\Temp\kwryrpow.sys ---- User code sections - GMER 2.1 ---- .text C:\windows\system32\csrss.exe[484] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bcda60 8 bytes JMP 000000016fff00d8 .text C:\windows\system32\csrss.exe[484] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bcdc60 8 bytes JMP 000000016fff0110 .text C:\windows\system32\csrss.exe[484] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 8 bytes JMP 000000016fff0148 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077bcda60 8 bytes JMP 000000016fff00d8 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077bcdc60 8 bytes JMP 000000016fff0110 .text C:\windows\system32\csrss.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 8 bytes JMP 000000016fff0148 .text C:\windows\system32\services.exe[688] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\windows\system32\services.exe[688] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\windows\system32\services.exe[688] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\windows\system32\services.exe[688] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\windows\system32\services.exe[688] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\windows\system32\services.exe[688] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\windows\system32\services.exe[688] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\windows\system32\services.exe[688] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\windows\system32\services.exe[688] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\windows\system32\services.exe[688] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\windows\system32\services.exe[688] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\windows\system32\services.exe[688] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\windows\system32\services.exe[688] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\windows\system32\services.exe[688] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\windows\system32\services.exe[688] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\windows\system32\services.exe[688] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\windows\system32\services.exe[688] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\windows\system32\services.exe[688] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\windows\system32\services.exe[688] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\windows\system32\services.exe[688] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\windows\system32\services.exe[688] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\windows\system32\services.exe[688] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\windows\system32\services.exe[688] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\windows\system32\services.exe[688] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\windows\system32\services.exe[688] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\windows\system32\services.exe[688] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\windows\system32\services.exe[688] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\windows\system32\services.exe[688] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\windows\system32\services.exe[688] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\windows\system32\services.exe[688] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\windows\system32\services.exe[688] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\windows\system32\services.exe[688] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\windows\system32\services.exe[688] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\windows\system32\services.exe[688] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes [E8, 4F, 36] .text C:\windows\system32\services.exe[688] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes [FF, 25, 50, 9F, 3A] .text C:\windows\system32\services.exe[688] C:\windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007feffc83440 6 bytes JMP 750070 .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!RegisterRawInputDevices 0000000077966ee0 6 bytes {JMP QWORD [RIP+0x8ad9150]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!SystemParametersInfoA 0000000077968164 6 bytes {JMP QWORD [RIP+0x8bb7ecc]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!SetParent 0000000077968500 6 bytes {JMP QWORD [RIP+0x8af7b30]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!SetWindowLongA 0000000077969bb0 6 bytes {JMP QWORD [RIP+0x8856480]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!PostMessageA 000000007796a3d8 6 bytes {JMP QWORD [RIP+0x8895c58]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!EnableWindow 000000007796aa84 6 bytes {JMP QWORD [RIP+0x8bf55ac]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!MoveWindow 000000007796aab0 6 bytes {JMP QWORD [RIP+0x8b15580]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!GetAsyncKeyState 000000007796c6dc 6 bytes {JMP QWORD [RIP+0x8ab3954]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!RegisterHotKey 000000007796cd20 6 bytes {JMP QWORD [RIP+0x8b93310]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!PostThreadMessageA 000000007796d2b4 6 bytes {JMP QWORD [RIP+0x88d2d7c]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!SendMessageA 000000007796d33c 6 bytes {JMP QWORD [RIP+0x8912cf4]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!SendNotifyMessageW 000000007796dc20 6 bytes {JMP QWORD [RIP+0x89f2410]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!SystemParametersInfoW 000000007796f4f0 6 bytes {JMP QWORD [RIP+0x8bd0b40]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!SetWindowsHookExW 000000007796f864 6 bytes {JMP QWORD [RIP+0x88107cc]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!SendMessageTimeoutW 000000007796fab0 6 bytes {JMP QWORD [RIP+0x8970580]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!PostThreadMessageW 0000000077970b64 6 bytes {JMP QWORD [RIP+0x88ef4cc]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!SetWindowLongW 0000000077973380 6 bytes {JMP QWORD [RIP+0x886ccb0]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!SetWinEventHook + 1 0000000077974d3d 5 bytes {JMP QWORD [RIP+0x882b2f4]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!GetKeyState 0000000077974ff0 6 bytes {JMP QWORD [RIP+0x8a8b040]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!SendMessageCallbackW 0000000077975428 6 bytes {JMP QWORD [RIP+0x89aac08]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!SendMessageW 0000000077976b60 6 bytes {JMP QWORD [RIP+0x89294d0]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!PostMessageW 0000000077977724 6 bytes {JMP QWORD [RIP+0x88a890c]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!SendDlgItemMessageW 000000007797ddcc 6 bytes {JMP QWORD [RIP+0x8a22264]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!GetClipboardData 000000007797e884 6 bytes {JMP QWORD [RIP+0x8b617ac]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!SetClipboardViewer 000000007797f7a0 6 bytes {JMP QWORD [RIP+0x8b20890]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!SendNotifyMessageA 00000000779828e4 6 bytes {JMP QWORD [RIP+0x89bd74c]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!mouse_event 00000000779838a4 6 bytes {JMP QWORD [RIP+0x87bc78c]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!GetKeyboardState 0000000077988a10 6 bytes {JMP QWORD [RIP+0x8a57620]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!SendMessageTimeoutA 0000000077988bd8 6 bytes {JMP QWORD [RIP+0x8937458]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!SetWindowsHookExA 0000000077988c20 6 bytes {JMP QWORD [RIP+0x87d7410]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!SendInput 0000000077988cd0 6 bytes {JMP QWORD [RIP+0x8a37360]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!BlockInput 000000007798ad50 6 bytes {JMP QWORD [RIP+0x8b352e0]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!ExitWindowsEx 00000000779b1574 6 bytes {JMP QWORD [RIP+0x8bceabc]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!keybd_event 00000000779d4650 6 bytes {JMP QWORD [RIP+0x874b9e0]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!SendDlgItemMessageA 00000000779dcccc 6 bytes {JMP QWORD [RIP+0x89a3364]} .text C:\windows\system32\services.exe[688] C:\windows\system32\USER32.dll!SendMessageCallbackA 00000000779ddfbc 6 bytes {JMP QWORD [RIP+0x8922074]} .text C:\windows\system32\services.exe[688] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes JMP 0 .text C:\windows\system32\services.exe[688] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes {JMP QWORD [RIP+0x1edb70]} .text C:\windows\system32\services.exe[688] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes {JMP QWORD [RIP+0x20a440]} .text C:\windows\system32\services.exe[688] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes JMP 24656863 .text C:\windows\system32\services.exe[688] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes JMP 0 .text C:\windows\system32\services.exe[688] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes {JMP QWORD [RIP+0x1a6d10]} .text C:\windows\system32\services.exe[688] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x244648]} .text C:\windows\system32\services.exe[688] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes {JMP QWORD [RIP+0x223740]} .text C:\windows\system32\services.exe[688] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes {JMP QWORD [RIP+0x258b90]} .text C:\windows\system32\lsass.exe[708] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\windows\system32\lsass.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\windows\system32\lsass.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\windows\system32\lsass.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\windows\system32\lsass.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\windows\system32\lsass.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\windows\system32\lsass.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\windows\system32\lsass.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\windows\system32\lsass.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\windows\system32\lsass.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\windows\system32\lsass.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\windows\system32\lsass.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\windows\system32\lsass.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\windows\system32\lsass.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\windows\system32\lsass.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\windows\system32\lsass.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\windows\system32\lsass.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\windows\system32\lsass.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\windows\system32\lsass.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\windows\system32\lsass.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\windows\system32\lsass.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\windows\system32\lsass.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\windows\system32\lsass.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\windows\system32\lsass.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\windows\system32\lsass.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\windows\system32\lsass.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\windows\system32\lsass.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\windows\system32\lsass.exe[708] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\windows\system32\lsass.exe[708] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\windows\system32\lsass.exe[708] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\windows\system32\lsass.exe[708] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\windows\system32\lsass.exe[708] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\windows\system32\lsass.exe[708] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\windows\system32\lsass.exe[708] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes [E8, 4F, 36] .text C:\windows\system32\lsass.exe[708] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes [FF, 25, 50, 9F, 3A] .text C:\windows\system32\lsass.exe[708] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes JMP cd6fa1b9 .text C:\windows\system32\lsass.exe[708] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes JMP 0 .text C:\windows\system32\lsass.exe[708] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes JMP 6f2d .text C:\windows\system32\lsass.exe[708] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\windows\system32\lsass.exe[708] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\windows\system32\lsass.exe[708] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes JMP 19c1a0 .text C:\windows\system32\lsass.exe[708] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x244648]} .text C:\windows\system32\lsass.exe[708] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes JMP 6e0069 .text C:\windows\system32\lsass.exe[708] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes {JMP QWORD [RIP+0x258b90]} .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\windows\system32\lsm.exe[716] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\windows\system32\lsm.exe[716] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\windows\system32\lsm.exe[716] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\windows\system32\lsm.exe[716] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\windows\system32\lsm.exe[716] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\windows\system32\lsm.exe[716] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\windows\system32\lsm.exe[716] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\windows\system32\lsm.exe[716] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes CALL 310060 .text C:\windows\system32\lsm.exe[716] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes JMP 0 .text C:\windows\system32\lsm.exe[716] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes JMP 0 .text C:\windows\system32\lsm.exe[716] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes {JMP QWORD [RIP+0x1edb70]} .text C:\windows\system32\lsm.exe[716] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes {JMP QWORD [RIP+0x20a440]} .text C:\windows\system32\lsm.exe[716] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\windows\system32\lsm.exe[716] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\windows\system32\lsm.exe[716] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes JMP 0 .text C:\windows\system32\lsm.exe[716] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x244648]} .text C:\windows\system32\lsm.exe[716] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes {JMP QWORD [RIP+0x223740]} .text C:\windows\system32\lsm.exe[716] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes {JMP QWORD [RIP+0x258b90]} .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\windows\system32\svchost.exe[828] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\windows\system32\svchost.exe[828] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\windows\system32\svchost.exe[828] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\windows\system32\svchost.exe[828] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\windows\system32\svchost.exe[828] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\windows\system32\svchost.exe[828] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\windows\system32\svchost.exe[828] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\windows\system32\svchost.exe[828] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes [E8, 4F, 36] .text C:\windows\system32\svchost.exe[828] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes [FF, 25, 50, 9F, 3A] .text C:\windows\system32\svchost.exe[828] C:\windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007feffc83440 6 bytes {JMP QWORD [RIP+0x10cbf0]} .text C:\windows\system32\svchost.exe[828] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes JMP 0 .text C:\windows\system32\svchost.exe[828] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes {JMP QWORD [RIP+0x1edb70]} .text C:\windows\system32\svchost.exe[828] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes {JMP QWORD [RIP+0x20a440]} .text C:\windows\system32\svchost.exe[828] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\windows\system32\svchost.exe[828] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\windows\system32\svchost.exe[828] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes JMP 0 .text C:\windows\system32\svchost.exe[828] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes JMP 0 .text C:\windows\system32\svchost.exe[828] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes JMP 0 .text C:\windows\system32\svchost.exe[828] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes {JMP QWORD [RIP+0x258b90]} .text C:\windows\system32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\windows\system32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\windows\system32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\windows\system32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\windows\system32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\windows\system32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\windows\system32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\windows\system32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\windows\system32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\windows\system32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\windows\system32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\windows\system32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\windows\system32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\windows\system32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\windows\system32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\windows\system32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\windows\system32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\windows\system32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\windows\system32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\windows\system32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\windows\system32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\windows\system32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\windows\system32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\windows\system32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\windows\system32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\windows\system32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\windows\system32\svchost.exe[948] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\windows\system32\svchost.exe[948] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\windows\system32\svchost.exe[948] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\windows\system32\svchost.exe[948] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\windows\system32\svchost.exe[948] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\windows\system32\svchost.exe[948] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\windows\system32\svchost.exe[948] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\windows\system32\svchost.exe[948] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes [E8, 4F, 36] .text C:\windows\system32\svchost.exe[948] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes [FF, 25, 50, 9F, 3A] .text C:\windows\system32\svchost.exe[948] C:\windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007feffc83440 6 bytes {JMP QWORD [RIP+0x10cbf0]} .text C:\windows\system32\svchost.exe[948] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes JMP 0 .text C:\windows\system32\svchost.exe[948] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes JMP 1edd50 .text C:\windows\system32\svchost.exe[948] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes JMP 33006d .text C:\windows\system32\svchost.exe[948] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\windows\system32\svchost.exe[948] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\windows\system32\svchost.exe[948] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes {JMP QWORD [RIP+0x1a6d10]} .text C:\windows\system32\svchost.exe[948] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x244648]} .text C:\windows\system32\svchost.exe[948] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes JMP 14 .text C:\windows\system32\svchost.exe[948] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes JMP 0 .text C:\windows\system32\svchost.exe[488] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\windows\system32\svchost.exe[488] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\windows\system32\svchost.exe[488] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\windows\system32\svchost.exe[488] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\windows\system32\svchost.exe[488] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\windows\system32\svchost.exe[488] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\windows\system32\svchost.exe[488] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\windows\system32\svchost.exe[488] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\windows\system32\svchost.exe[488] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\windows\system32\svchost.exe[488] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\windows\system32\svchost.exe[488] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\windows\system32\svchost.exe[488] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\windows\system32\svchost.exe[488] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\windows\system32\svchost.exe[488] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\windows\system32\svchost.exe[488] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\windows\system32\svchost.exe[488] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\windows\system32\svchost.exe[488] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\windows\system32\svchost.exe[488] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\windows\system32\svchost.exe[488] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\windows\system32\svchost.exe[488] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\windows\system32\svchost.exe[488] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\windows\system32\svchost.exe[488] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\windows\system32\svchost.exe[488] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\windows\system32\svchost.exe[488] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\windows\system32\svchost.exe[488] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\windows\system32\svchost.exe[488] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\windows\system32\svchost.exe[488] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\windows\system32\svchost.exe[488] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\windows\system32\svchost.exe[488] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\windows\system32\svchost.exe[488] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\windows\system32\svchost.exe[488] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\windows\system32\svchost.exe[488] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\windows\system32\svchost.exe[488] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\windows\system32\svchost.exe[488] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes CALL 0 .text C:\windows\system32\svchost.exe[488] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes JMP 1 .text C:\windows\system32\svchost.exe[488] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes {JMP QWORD [RIP+0x1cdd64]} .text C:\windows\system32\svchost.exe[488] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes {JMP QWORD [RIP+0x1edb70]} .text C:\windows\system32\svchost.exe[488] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes {JMP QWORD [RIP+0x20a440]} .text C:\windows\system32\svchost.exe[488] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\windows\system32\svchost.exe[488] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\windows\system32\svchost.exe[488] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes {JMP QWORD [RIP+0x1a6d10]} .text C:\windows\system32\svchost.exe[488] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x244648]} .text C:\windows\system32\svchost.exe[488] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes {JMP QWORD [RIP+0x223740]} .text C:\windows\system32\svchost.exe[488] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes {JMP QWORD [RIP+0x258b90]} .text C:\windows\system32\atiesrxx.exe[768] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\windows\system32\atiesrxx.exe[768] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\windows\system32\atiesrxx.exe[768] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\windows\system32\atiesrxx.exe[768] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\windows\system32\atiesrxx.exe[768] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\windows\system32\atiesrxx.exe[768] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\windows\system32\atiesrxx.exe[768] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes [E8, 4F, 36] .text C:\windows\system32\atiesrxx.exe[768] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes [FF, 25, 50, 9F, 3A] .text C:\windows\system32\atiesrxx.exe[768] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes {JMP QWORD [RIP+0x42dd64]} .text C:\windows\system32\atiesrxx.exe[768] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes {JMP QWORD [RIP+0x44db70]} .text C:\windows\system32\atiesrxx.exe[768] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes {JMP QWORD [RIP+0x46a440]} .text C:\windows\system32\atiesrxx.exe[768] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\windows\system32\atiesrxx.exe[768] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\windows\system32\atiesrxx.exe[768] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes {JMP QWORD [RIP+0x406d10]} .text C:\windows\system32\atiesrxx.exe[768] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x4a4648]} .text C:\windows\system32\atiesrxx.exe[768] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes {JMP QWORD [RIP+0x483740]} .text C:\windows\system32\atiesrxx.exe[768] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes {JMP QWORD [RIP+0x258b90]} .text C:\windows\System32\svchost.exe[280] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\windows\System32\svchost.exe[280] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\windows\System32\svchost.exe[280] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\windows\System32\svchost.exe[280] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\windows\System32\svchost.exe[280] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\windows\System32\svchost.exe[280] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\windows\System32\svchost.exe[280] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\windows\System32\svchost.exe[280] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\windows\System32\svchost.exe[280] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\windows\System32\svchost.exe[280] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\windows\System32\svchost.exe[280] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\windows\System32\svchost.exe[280] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\windows\System32\svchost.exe[280] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\windows\System32\svchost.exe[280] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\windows\System32\svchost.exe[280] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\windows\System32\svchost.exe[280] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\windows\System32\svchost.exe[280] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\windows\System32\svchost.exe[280] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\windows\System32\svchost.exe[280] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\windows\System32\svchost.exe[280] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\windows\System32\svchost.exe[280] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\windows\System32\svchost.exe[280] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\windows\System32\svchost.exe[280] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\windows\System32\svchost.exe[280] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\windows\System32\svchost.exe[280] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\windows\System32\svchost.exe[280] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\windows\System32\svchost.exe[280] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\windows\System32\svchost.exe[280] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\windows\System32\svchost.exe[280] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\windows\System32\svchost.exe[280] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\windows\System32\svchost.exe[280] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\windows\System32\svchost.exe[280] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\windows\System32\svchost.exe[280] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\windows\System32\svchost.exe[280] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes [E8, 4F, 36] .text C:\windows\System32\svchost.exe[280] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes JMP 0 .text C:\windows\System32\svchost.exe[280] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes {JMP QWORD [RIP+0x1cdd64]} .text C:\windows\System32\svchost.exe[280] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes JMP d4 .text C:\windows\System32\svchost.exe[280] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes {JMP QWORD [RIP+0x20a440]} .text C:\windows\System32\svchost.exe[280] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes JMP 0 .text C:\windows\System32\svchost.exe[280] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\windows\System32\svchost.exe[280] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes JMP 904d .text C:\windows\System32\svchost.exe[280] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x244648]} .text C:\windows\System32\svchost.exe[280] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes {JMP QWORD [RIP+0x223740]} .text C:\windows\System32\svchost.exe[280] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes {JMP QWORD [RIP+0x258b90]} .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes JMP 5c0050 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes JMP 56580 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes JMP 8c45601 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes JMP 2353d9 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes JMP 8da9dc0 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes JMP e1f1e1f1 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes JMP e1efe1ef .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes JMP 8d71eb8 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes JMP 0 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes JMP 7b880 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes JMP e20d .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes JMP e1f0e1f0 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes JMP 8796ec1 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes JMP e1c2e1c2 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes JMP 8979211 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes JMP 8b00da9 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes JMP 71c7218 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes JMP ae80 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes JMP 1880 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes JMP 8b85210 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes JMP 8c45601 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes JMP 2e80 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes JMP 8bc0a40 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes JMP 8c45601 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes JMP e1f3e1f3 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes JMP 1a6980 .text C:\windows\System32\svchost.exe[1084] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes JMP 1c80 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes JMP 162081 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes JMP 85e2508 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes JMP c7280 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes JMP 0 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes JMP e214 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes JMP e1f3e1f3 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes [E8, 4F, 36] .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes [FF, 25, 50, 9F, 3A] .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes {JMP QWORD [RIP+0x1cdd64]} .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes JMP 0 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes JMP 1e4120 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes JMP 0 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes JMP 24d390 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes JMP 0 .text C:\windows\System32\svchost.exe[1084] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes JMP 30005f .text C:\windows\system32\svchost.exe[1116] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\windows\system32\svchost.exe[1116] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\windows\system32\svchost.exe[1116] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\windows\system32\svchost.exe[1116] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\windows\system32\svchost.exe[1116] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\windows\system32\svchost.exe[1116] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\windows\system32\svchost.exe[1116] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\windows\system32\svchost.exe[1116] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\windows\system32\svchost.exe[1116] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\windows\system32\svchost.exe[1116] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\windows\system32\svchost.exe[1116] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\windows\system32\svchost.exe[1116] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\windows\system32\svchost.exe[1116] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\windows\system32\svchost.exe[1116] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\windows\system32\svchost.exe[1116] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\windows\system32\svchost.exe[1116] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\windows\system32\svchost.exe[1116] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\windows\system32\svchost.exe[1116] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\windows\system32\svchost.exe[1116] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\windows\system32\svchost.exe[1116] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\windows\system32\svchost.exe[1116] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\windows\system32\svchost.exe[1116] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\windows\system32\svchost.exe[1116] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\windows\system32\svchost.exe[1116] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\windows\system32\svchost.exe[1116] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\windows\system32\svchost.exe[1116] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\windows\system32\svchost.exe[1116] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\windows\system32\svchost.exe[1116] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\windows\system32\svchost.exe[1116] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\windows\system32\svchost.exe[1116] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\windows\system32\svchost.exe[1116] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\windows\system32\svchost.exe[1116] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\windows\system32\svchost.exe[1116] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\windows\system32\svchost.exe[1116] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes CALL 0 .text C:\windows\system32\svchost.exe[1116] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes JMP 0 .text C:\windows\system32\svchost.exe[1116] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes {JMP QWORD [RIP+0x1cdd64]} .text C:\windows\system32\svchost.exe[1116] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes {JMP QWORD [RIP+0x1edb70]} .text C:\windows\system32\svchost.exe[1116] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes {JMP QWORD [RIP+0x20a440]} .text C:\windows\system32\svchost.exe[1116] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\windows\system32\svchost.exe[1116] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\windows\system32\svchost.exe[1116] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes {JMP QWORD [RIP+0x1a6d10]} .text C:\windows\system32\svchost.exe[1116] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x244648]} .text C:\windows\system32\svchost.exe[1116] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes {JMP QWORD [RIP+0x223740]} .text C:\windows\system32\svchost.exe[1116] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes {JMP QWORD [RIP+0x258b90]} .text C:\windows\system32\svchost.exe[1164] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\windows\system32\svchost.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\windows\system32\svchost.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\windows\system32\svchost.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\windows\system32\svchost.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\windows\system32\svchost.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\windows\system32\svchost.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\windows\system32\svchost.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\windows\system32\svchost.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\windows\system32\svchost.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\windows\system32\svchost.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\windows\system32\svchost.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\windows\system32\svchost.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\windows\system32\svchost.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\windows\system32\svchost.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\windows\system32\svchost.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\windows\system32\svchost.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\windows\system32\svchost.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\windows\system32\svchost.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\windows\system32\svchost.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\windows\system32\svchost.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\windows\system32\svchost.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\windows\system32\svchost.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\windows\system32\svchost.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\windows\system32\svchost.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\windows\system32\svchost.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\windows\system32\svchost.exe[1164] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\windows\system32\svchost.exe[1164] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\windows\system32\svchost.exe[1164] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\windows\system32\svchost.exe[1164] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\windows\system32\svchost.exe[1164] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\windows\system32\svchost.exe[1164] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\windows\system32\svchost.exe[1164] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\windows\system32\svchost.exe[1164] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes CALL 364fe8 .text C:\windows\system32\svchost.exe[1164] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes JMP 0 .text C:\windows\system32\svchost.exe[1164] C:\windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007feffc83440 6 bytes {JMP QWORD [RIP+0x10cbf0]} .text C:\windows\system32\svchost.exe[1164] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes {JMP QWORD [RIP+0x1cdd64]} .text C:\windows\system32\svchost.exe[1164] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes {JMP QWORD [RIP+0x1edb70]} .text C:\windows\system32\svchost.exe[1164] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes {JMP QWORD [RIP+0x20a440]} .text C:\windows\system32\svchost.exe[1164] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\windows\system32\svchost.exe[1164] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\windows\system32\svchost.exe[1164] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes {JMP QWORD [RIP+0x1a6d10]} .text C:\windows\system32\svchost.exe[1164] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x244648]} .text C:\windows\system32\svchost.exe[1164] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes {JMP QWORD [RIP+0x223740]} .text C:\windows\system32\svchost.exe[1164] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes {JMP QWORD [RIP+0x258b90]} .text C:\windows\system32\svchost.exe[1164] C:\windows\system32\SHELL32.dll!SHFileOperationW 0000000002178fe4 5 bytes [FF, 25, 4C, 70, D7] .text C:\windows\system32\svchost.exe[1164] C:\windows\system32\SHELL32.dll!SHFileOperation 0000000002392398 6 bytes {JMP QWORD [RIP+0xb3dc98]} .text C:\windows\system32\svchost.exe[1240] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\windows\system32\svchost.exe[1240] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\windows\system32\svchost.exe[1240] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\windows\system32\svchost.exe[1240] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\windows\system32\svchost.exe[1240] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\windows\system32\svchost.exe[1240] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\windows\system32\svchost.exe[1240] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes CALL 0 .text C:\windows\system32\svchost.exe[1240] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes JMP 0 .text C:\windows\system32\svchost.exe[1240] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes {JMP QWORD [RIP+0x1cdd64]} .text C:\windows\system32\svchost.exe[1240] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes {JMP QWORD [RIP+0x1edb70]} .text C:\windows\system32\svchost.exe[1240] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes {JMP QWORD [RIP+0x20a440]} .text C:\windows\system32\svchost.exe[1240] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\windows\system32\svchost.exe[1240] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\windows\system32\svchost.exe[1240] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes JMP 0 .text C:\windows\system32\svchost.exe[1240] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x244648]} .text C:\windows\system32\svchost.exe[1240] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes {JMP QWORD [RIP+0x223740]} .text C:\windows\system32\svchost.exe[1240] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes {JMP QWORD [RIP+0x258b90]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes [E8, 4F, 36] .text C:\windows\system32\atieclxx.exe[1396] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes JMP 0 .text C:\windows\system32\atieclxx.exe[1396] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes {JMP QWORD [RIP+0x42dd64]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes {JMP QWORD [RIP+0x44db70]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes {JMP QWORD [RIP+0x46a440]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes {JMP QWORD [RIP+0x406d10]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x4a4648]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes {JMP QWORD [RIP+0x483740]} .text C:\windows\system32\atieclxx.exe[1396] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes {JMP QWORD [RIP+0x258b90]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes CALL 364ff8 .text C:\windows\System32\spoolsv.exe[1588] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes JMP 6ac27878 .text C:\windows\System32\spoolsv.exe[1588] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes {JMP QWORD [RIP+0x42dd64]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes {JMP QWORD [RIP+0x44db70]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes {JMP QWORD [RIP+0x46a440]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes {JMP QWORD [RIP+0x406d10]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x4a4648]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes {JMP QWORD [RIP+0x483740]} .text C:\windows\System32\spoolsv.exe[1588] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes {JMP QWORD [RIP+0x258b90]} .text C:\windows\system32\svchost.exe[1640] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\windows\system32\svchost.exe[1640] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\windows\system32\svchost.exe[1640] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\windows\system32\svchost.exe[1640] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\windows\system32\svchost.exe[1640] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\windows\system32\svchost.exe[1640] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\windows\system32\svchost.exe[1640] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\windows\system32\svchost.exe[1640] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\windows\system32\svchost.exe[1640] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\windows\system32\svchost.exe[1640] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\windows\system32\svchost.exe[1640] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\windows\system32\svchost.exe[1640] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\windows\system32\svchost.exe[1640] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\windows\system32\svchost.exe[1640] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\windows\system32\svchost.exe[1640] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\windows\system32\svchost.exe[1640] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\windows\system32\svchost.exe[1640] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\windows\system32\svchost.exe[1640] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\windows\system32\svchost.exe[1640] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\windows\system32\svchost.exe[1640] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\windows\system32\svchost.exe[1640] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\windows\system32\svchost.exe[1640] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\windows\system32\svchost.exe[1640] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\windows\system32\svchost.exe[1640] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\windows\system32\svchost.exe[1640] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\windows\system32\svchost.exe[1640] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\windows\system32\svchost.exe[1640] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\windows\system32\svchost.exe[1640] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\windows\system32\svchost.exe[1640] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\windows\system32\svchost.exe[1640] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\windows\system32\svchost.exe[1640] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\windows\system32\svchost.exe[1640] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\windows\system32\svchost.exe[1640] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\windows\system32\svchost.exe[1640] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes [E8, 4F, 36] .text C:\windows\system32\svchost.exe[1640] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes JMP 54 .text C:\windows\system32\svchost.exe[1640] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes JMP 0 .text C:\windows\system32\svchost.exe[1640] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes JMP 3a646975 .text C:\windows\system32\svchost.exe[1640] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes JMP 6e70752f .text C:\windows\system32\svchost.exe[1640] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\windows\system32\svchost.exe[1640] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\windows\system32\svchost.exe[1640] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes JMP 0 .text C:\windows\system32\svchost.exe[1640] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes JMP 0 .text C:\windows\system32\svchost.exe[1640] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes JMP 0 .text C:\windows\system32\svchost.exe[1640] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes JMP 0 .text C:\windows\system32\svchost.exe[1696] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\windows\system32\svchost.exe[1696] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\windows\system32\svchost.exe[1696] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\windows\system32\svchost.exe[1696] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\windows\system32\svchost.exe[1696] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\windows\system32\svchost.exe[1696] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\windows\system32\svchost.exe[1696] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\windows\system32\svchost.exe[1696] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\windows\system32\svchost.exe[1696] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\windows\system32\svchost.exe[1696] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\windows\system32\svchost.exe[1696] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\windows\system32\svchost.exe[1696] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\windows\system32\svchost.exe[1696] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\windows\system32\svchost.exe[1696] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\windows\system32\svchost.exe[1696] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\windows\system32\svchost.exe[1696] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\windows\system32\svchost.exe[1696] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\windows\system32\svchost.exe[1696] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\windows\system32\svchost.exe[1696] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\windows\system32\svchost.exe[1696] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\windows\system32\svchost.exe[1696] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\windows\system32\svchost.exe[1696] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\windows\system32\svchost.exe[1696] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\windows\system32\svchost.exe[1696] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\windows\system32\svchost.exe[1696] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\windows\system32\svchost.exe[1696] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\windows\system32\svchost.exe[1696] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\windows\system32\svchost.exe[1696] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\windows\system32\svchost.exe[1696] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\windows\system32\svchost.exe[1696] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\windows\system32\svchost.exe[1696] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\windows\system32\svchost.exe[1696] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\windows\system32\svchost.exe[1696] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\windows\system32\svchost.exe[1696] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes [E8, 4F, 36] .text C:\windows\system32\svchost.exe[1696] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes [FF, 25, 50, 9F, 3A] .text C:\windows\system32\svchost.exe[1696] C:\windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007feffc83440 6 bytes {JMP QWORD [RIP+0x10cbf0]} .text C:\windows\system32\svchost.exe[1696] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes {JMP QWORD [RIP+0x1cdd64]} .text C:\windows\system32\svchost.exe[1696] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes JMP 0 .text C:\windows\system32\svchost.exe[1696] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes {JMP QWORD [RIP+0x20a440]} .text C:\windows\system32\svchost.exe[1696] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\windows\system32\svchost.exe[1696] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\windows\system32\svchost.exe[1696] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes {JMP QWORD [RIP+0x1a6d10]} .text C:\windows\system32\svchost.exe[1696] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x244648]} .text C:\windows\system32\svchost.exe[1696] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes {JMP QWORD [RIP+0x223740]} .text C:\windows\system32\svchost.exe[1696] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes {JMP QWORD [RIP+0x258b90]} .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077d7fa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077d7fa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d7fb68 3 bytes JMP 70bb000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077d7fb6c 2 bytes JMP 70bb000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d7fcf0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077d7fcf4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077d7fda4 3 bytes JMP 70c7000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077d7fda8 2 bytes JMP 70c7000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d7fe08 3 bytes JMP 70cd000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077d7fe0c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d7ff00 3 bytes JMP 70c4000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077d7ff04 2 bytes JMP 70c4000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077d7ffb4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077d7ffb8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d7ffe4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077d7ffe8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d80044 3 bytes JMP 70e8000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077d80048 2 bytes JMP 70e8000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d800c4 3 bytes JMP 70e5000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077d800c8 2 bytes JMP 70e5000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d800f4 3 bytes JMP 70ca000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077d800f8 2 bytes JMP 70ca000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077d803f8 3 bytes JMP 70b5000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077d803fc 2 bytes JMP 70b5000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077d80410 3 bytes JMP 70fa000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077d80414 2 bytes JMP 70fa000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077d80590 3 bytes JMP 70fd000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077d80594 2 bytes JMP 70fd000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077d806d4 3 bytes JMP 70d9000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077d806d8 2 bytes JMP 70d9000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077d80734 3 bytes JMP 70f1000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077d80738 2 bytes JMP 70f1000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d807dc 3 bytes JMP 70f7000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077d807e0 2 bytes JMP 70f7000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077d80824 3 bytes JMP 70eb000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077d80828 2 bytes JMP 70eb000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077d808b4 3 bytes JMP 70ee000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077d808b8 2 bytes JMP 70ee000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d808cc 3 bytes JMP 70c1000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077d808d0 2 bytes JMP 70c1000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d808e4 3 bytes JMP 70b8000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077d808e8 2 bytes JMP 70b8000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d80e34 3 bytes JMP 70d6000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077d80e38 2 bytes JMP 70d6000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077d80f18 3 bytes JMP 70be000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077d80f1c 2 bytes JMP 70be000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d81c24 3 bytes JMP 70d3000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077d81c28 2 bytes JMP 70d3000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077d81cf4 3 bytes JMP 70e2000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077d81cf8 2 bytes JMP 70e2000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d81dcc 3 bytes JMP 70df000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077d81dd0 2 bytes JMP 70df000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077da3b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075da3bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075da3baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075da9aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\kernel32.dll!CopyFileExW 0000000075db3b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dbccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075e0dc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075e0dd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075e9f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000075ea2ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075738342 6 bytes JMP 7157000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075738c0f 6 bytes JMP 714b000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757390e3 6 bytes JMP 7106000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075739689 6 bytes JMP 7145000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757397e2 6 bytes JMP 713f000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007573ee19 6 bytes JMP 715d000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!RegisterHotKey 000000007573efd9 3 bytes JMP 710c000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007573efdd 2 bytes JMP 710c000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!PostMessageW 00000000757412b5 6 bytes JMP 7151000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!GetKeyState 000000007574292f 6 bytes JMP 7124000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!SetParent 0000000075742d74 3 bytes JMP 711b000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!SetParent + 4 0000000075742d78 2 bytes JMP 711b000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075742db4 6 bytes JMP 7103000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!MoveWindow 00000000757436a8 3 bytes JMP 7118000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!MoveWindow + 4 00000000757436ac 2 bytes JMP 7118000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075743bba 6 bytes JMP 7154000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075743c71 6 bytes JMP 714e000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075746120 6 bytes JMP 715a000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!SendMessageA 000000007574613e 6 bytes JMP 7148000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075746c40 6 bytes JMP 7109000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075747613 6 bytes JMP 7160000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075747678 6 bytes JMP 7133000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757476f0 6 bytes JMP 7139000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007574782f 6 bytes JMP 7142000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007574836c 6 bytes JMP 7163000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!SetClipboardViewer 000000007574c4c6 3 bytes JMP 7115000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007574c4ca 2 bytes JMP 7115000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007575c122 6 bytes JMP 7130000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007575d109 6 bytes JMP 712d000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 000000007575ebb6 6 bytes JMP 7121000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!GetKeyboardState 000000007575ec88 3 bytes JMP 7127000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007575ec8c 2 bytes JMP 7127000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!SendInput 000000007575ff6a 3 bytes JMP 712a000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!SendInput + 4 000000007575ff6e 2 bytes JMP 712a000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075779fdb 6 bytes JMP 710f000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!ExitWindowsEx 000000007578156b 6 bytes JMP 7100000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!mouse_event 0000000075790343 6 bytes JMP 7166000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!keybd_event 0000000075790387 6 bytes JMP 7169000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075796dc4 6 bytes JMP 713c000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075796e25 6 bytes JMP 7136000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!BlockInput 0000000075797e9f 3 bytes JMP 7112000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!BlockInput + 4 0000000075797ea3 2 bytes JMP 7112000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000757989b3 3 bytes JMP 711e000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000757989b7 2 bytes JMP 711e000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\GDI32.dll!DeleteDC 0000000076aa58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\GDI32.dll!BitBlt 0000000076aa5ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000076aa7ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\GDI32.dll!GetPixel 0000000076aab986 6 bytes JMP 7190000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\GDI32.dll!StretchBlt 0000000076aaba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\GDI32.dll!MaskBlt 0000000076aacc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\GDI32.dll!CreateDCW 0000000076aaea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\GDI32.dll!PlgBlt 0000000076ad4969 6 bytes JMP 716f000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\SHELL32.dll!SHFileOperationW 0000000076b89698 6 bytes JMP 7178000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\SHELL32.dll!SHFileOperation 0000000076d8bae9 6 bytes JMP 717b000a .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 75dbb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 75dbb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 75e38fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 75d9489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 75e388c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 75e38aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 75e387ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 75e38b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 75dafca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 75db68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 75e39089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 75e38bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 75e3877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 75dafd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 75dbb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 75e38f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[1808] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 75e38713 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077d7fa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077d7fa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d7fb68 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077d7fb6c 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d7fcf0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077d7fcf4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077d7fda4 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077d7fda8 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d7fe08 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077d7fe0c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d7ff00 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077d7ff04 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077d7ffb4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077d7ffb8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d7ffe4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077d7ffe8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d80044 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077d80048 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d800c4 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077d800c8 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d800f4 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077d800f8 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077d803f8 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077d803fc 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077d80410 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077d80414 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077d80590 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077d80594 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077d806d4 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077d806d8 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077d80734 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077d80738 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d807dc 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077d807e0 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077d80824 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077d80828 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077d808b4 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077d808b8 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d808cc 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077d808d0 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d808e4 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077d808e8 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d80e34 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077d80e38 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077d80f18 3 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077d80f1c 2 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d81c24 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077d81c28 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077d81cf4 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077d81cf8 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d81dcc 3 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077d81dd0 2 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077da3b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075da3bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075da3baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075da9aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\kernel32.dll!CopyFileExW 0000000075db3b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dbccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075e0dc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075e0dd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075e9f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000075ea2ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075738342 6 bytes JMP 7157000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075738c0f 6 bytes JMP 714b000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757390e3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075739689 6 bytes JMP 7145000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757397e2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007573ee19 6 bytes JMP 715d000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!RegisterHotKey 000000007573efd9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007573efdd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!PostMessageW 00000000757412b5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!GetKeyState 000000007574292f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!SetParent 0000000075742d74 3 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!SetParent + 4 0000000075742d78 2 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075742db4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!MoveWindow 00000000757436a8 3 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!MoveWindow + 4 00000000757436ac 2 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075743bba 6 bytes JMP 7154000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075743c71 6 bytes JMP 714e000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075746120 6 bytes JMP 715a000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!SendMessageA 000000007574613e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075746c40 6 bytes JMP 7109000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075747613 6 bytes JMP 7160000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075747678 6 bytes JMP 7133000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757476f0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007574782f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007574836c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!SetClipboardViewer 000000007574c4c6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007574c4ca 2 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007575c122 6 bytes JMP 7130000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007575d109 6 bytes JMP 712d000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 000000007575ebb6 6 bytes JMP 7121000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!GetKeyboardState 000000007575ec88 3 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007575ec8c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!SendInput 000000007575ff6a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!SendInput + 4 000000007575ff6e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075779fdb 6 bytes JMP 710f000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!ExitWindowsEx 000000007578156b 6 bytes JMP 7100000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!mouse_event 0000000075790343 6 bytes JMP 7166000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!keybd_event 0000000075790387 6 bytes JMP 7169000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075796dc4 6 bytes JMP 713c000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075796e25 6 bytes JMP 7136000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!BlockInput 0000000075797e9f 3 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!BlockInput + 4 0000000075797ea3 2 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000757989b3 3 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000757989b7 2 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\GDI32.dll!DeleteDC 0000000076aa58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\GDI32.dll!BitBlt 0000000076aa5ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000076aa7ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\GDI32.dll!GetPixel 0000000076aab986 6 bytes JMP 7190000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\GDI32.dll!StretchBlt 0000000076aaba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\GDI32.dll!MaskBlt 0000000076aacc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\GDI32.dll!CreateDCW 0000000076aaea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\GDI32.dll!PlgBlt 0000000076ad4969 6 bytes JMP 716f000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\SHELL32.dll!SHFileOperationW 0000000076b89698 6 bytes JMP 7178000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\SHELL32.dll!SHFileOperation 0000000076d8bae9 6 bytes JMP 717b000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 75dbb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 75dbb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 75e38fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 75d9489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 75e388c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 75e38aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 75e387ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 75e38b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 75dafca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 75db68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 75e39089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 75e38bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 75e3877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 75dafd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 75dbb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 75e38f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 75e38713 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077d7fa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077d7fa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d7fb68 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077d7fb6c 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d7fcf0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077d7fcf4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077d7fda4 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077d7fda8 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d7fe08 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077d7fe0c 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d7ff00 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077d7ff04 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077d7ffb4 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077d7ffb8 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d7ffe4 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077d7ffe8 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d80044 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077d80048 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d800c4 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077d800c8 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d800f4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077d800f8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077d803f8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077d803fc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077d80410 3 bytes JMP 7100000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077d80414 2 bytes JMP 7100000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077d80590 3 bytes JMP 7103000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077d80594 2 bytes JMP 7103000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077d806d4 3 bytes JMP 70df000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077d806d8 2 bytes JMP 70df000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077d80734 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077d80738 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d807dc 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077d807e0 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077d80824 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077d80828 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077d808b4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077d808b8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d808cc 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077d808d0 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d808e4 3 bytes JMP 70be000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077d808e8 2 bytes JMP 70be000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d80e34 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077d80e38 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077d80f18 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077d80f1c 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d81c24 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077d81c28 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077d81cf4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077d81cf8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d81dcc 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077d81dd0 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077da3b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075da3bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075da3baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075da9aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\kernel32.dll!CopyFileExW 0000000075db3b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dbccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075e0dc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075e0dd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075e9f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000075ea2ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075738342 6 bytes JMP 715d000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075738c0f 6 bytes JMP 7151000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757390e3 6 bytes JMP 710c000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075739689 6 bytes JMP 714b000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757397e2 6 bytes JMP 7145000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007573ee19 6 bytes JMP 7163000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!RegisterHotKey 000000007573efd9 3 bytes JMP 7112000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007573efdd 2 bytes JMP 7112000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!PostMessageW 00000000757412b5 6 bytes JMP 7157000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!GetKeyState 000000007574292f 6 bytes JMP 712a000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!SetParent 0000000075742d74 3 bytes JMP 7121000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!SetParent + 4 0000000075742d78 2 bytes JMP 7121000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075742db4 6 bytes JMP 7109000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!MoveWindow 00000000757436a8 3 bytes JMP 711e000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!MoveWindow + 4 00000000757436ac 2 bytes JMP 711e000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075743bba 6 bytes JMP 715a000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075743c71 6 bytes JMP 7154000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075746120 6 bytes JMP 7160000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!SendMessageA 000000007574613e 6 bytes JMP 714e000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075746c40 6 bytes JMP 710f000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075747613 6 bytes JMP 7166000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075747678 6 bytes JMP 7139000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757476f0 6 bytes JMP 713f000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007574782f 6 bytes JMP 7148000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007574836c 6 bytes JMP 7169000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!SetClipboardViewer 000000007574c4c6 3 bytes JMP 711b000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007574c4ca 2 bytes JMP 711b000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007575c122 6 bytes JMP 7136000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007575d109 6 bytes JMP 7133000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 000000007575ebb6 6 bytes JMP 7127000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!GetKeyboardState 000000007575ec88 3 bytes JMP 712d000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007575ec8c 2 bytes JMP 712d000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!SendInput 000000007575ff6a 3 bytes JMP 7130000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!SendInput + 4 000000007575ff6e 2 bytes JMP 7130000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075779fdb 6 bytes JMP 7115000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!ExitWindowsEx 000000007578156b 6 bytes JMP 7106000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!mouse_event 0000000075790343 6 bytes JMP 716c000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!keybd_event 0000000075790387 6 bytes JMP 716f000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075796dc4 6 bytes JMP 7142000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075796e25 6 bytes JMP 713c000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!BlockInput 0000000075797e9f 3 bytes JMP 7118000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!BlockInput + 4 0000000075797ea3 2 bytes JMP 7118000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000757989b3 3 bytes JMP 7124000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000757989b7 2 bytes JMP 7124000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\GDI32.dll!DeleteDC 0000000076aa58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\GDI32.dll!BitBlt 0000000076aa5ea5 6 bytes JMP 717b000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000076aa7ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\GDI32.dll!GetPixel 0000000076aab986 6 bytes JMP 7190000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\GDI32.dll!StretchBlt 0000000076aaba5f 6 bytes JMP 7172000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\GDI32.dll!MaskBlt 0000000076aacc01 6 bytes JMP 7178000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\GDI32.dll!CreateDCW 0000000076aaea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\GDI32.dll!PlgBlt 0000000076ad4969 6 bytes JMP 7175000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 75dbb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 75dbb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 75e38fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 75d9489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 75e388c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 75e38aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 75e387ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 75e38b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 75dafca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 75db68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 75e39089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 75e38bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 75e3877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 75dafd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 75dbb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 75e38f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 75e38713 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\SHELL32.dll!SHFileOperationW 0000000076b89698 6 bytes JMP 70b5000a .text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1948] C:\windows\syswow64\SHELL32.dll!SHFileOperation 0000000076d8bae9 6 bytes JMP 70b8000a .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes [E8, 4F, 36] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes [FF, 25, 50, 9F, 3A] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes {JMP QWORD [RIP+0x141dd64]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes {JMP QWORD [RIP+0x159db70]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes {JMP QWORD [RIP+0x15ba440]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes {JMP QWORD [RIP+0x13e6d10]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x15f4648]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes {JMP QWORD [RIP+0x15d3740]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2024] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes JMP 0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes [E8, 4F, 36] .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes JMP 6c006c .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes {JMP QWORD [RIP+0x42dd64]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes {JMP QWORD [RIP+0x44db70]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes {JMP QWORD [RIP+0x46a440]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes {JMP QWORD [RIP+0x406d10]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x4a4648]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes JMP 0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1196] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes {JMP QWORD [RIP+0x258b90]} .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077d7fa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077d7fa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d7fb68 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077d7fb6c 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d7fcf0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077d7fcf4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077d7fda4 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077d7fda8 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d7fe08 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077d7fe0c 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d7ff00 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077d7ff04 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077d7ffb4 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077d7ffb8 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d7ffe4 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077d7ffe8 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d80044 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077d80048 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d800c4 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077d800c8 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d800f4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077d800f8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077d803f8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077d803fc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077d80410 3 bytes JMP 7100000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077d80414 2 bytes JMP 7100000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077d80590 3 bytes JMP 7103000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077d80594 2 bytes JMP 7103000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077d806d4 3 bytes JMP 70df000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077d806d8 2 bytes JMP 70df000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077d80734 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077d80738 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d807dc 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077d807e0 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077d80824 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077d80828 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077d808b4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077d808b8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d808cc 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077d808d0 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d808e4 3 bytes JMP 70be000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077d808e8 2 bytes JMP 70be000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d80e34 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077d80e38 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077d80f18 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077d80f1c 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d81c24 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077d81c28 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077d81cf4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077d81cf8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d81dcc 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077d81dd0 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077da3b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075da3bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075da3baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075da9aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\kernel32.dll!CopyFileExW 0000000075db3b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dbccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075e0dc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075e0dd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075e9f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000075ea2ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075738342 6 bytes JMP 715d000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075738c0f 6 bytes JMP 7151000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757390e3 6 bytes JMP 710c000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075739689 6 bytes JMP 714b000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757397e2 6 bytes JMP 7145000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007573ee19 6 bytes JMP 7163000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!RegisterHotKey 000000007573efd9 3 bytes JMP 7112000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007573efdd 2 bytes JMP 7112000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!PostMessageW 00000000757412b5 6 bytes JMP 7157000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!GetKeyState 000000007574292f 6 bytes JMP 712a000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!SetParent 0000000075742d74 3 bytes JMP 7121000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!SetParent + 4 0000000075742d78 2 bytes JMP 7121000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075742db4 6 bytes JMP 7109000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!MoveWindow 00000000757436a8 3 bytes JMP 711e000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!MoveWindow + 4 00000000757436ac 2 bytes JMP 711e000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075743bba 6 bytes JMP 715a000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075743c71 6 bytes JMP 7154000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075746120 6 bytes JMP 7160000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!SendMessageA 000000007574613e 6 bytes JMP 714e000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075746c40 6 bytes JMP 710f000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075747613 6 bytes JMP 7166000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075747678 6 bytes JMP 7139000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757476f0 6 bytes JMP 713f000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007574782f 6 bytes JMP 7148000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007574836c 6 bytes JMP 7169000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!SetClipboardViewer 000000007574c4c6 3 bytes JMP 711b000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007574c4ca 2 bytes JMP 711b000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007575c122 6 bytes JMP 7136000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007575d109 6 bytes JMP 7133000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 000000007575ebb6 6 bytes JMP 7127000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!GetKeyboardState 000000007575ec88 3 bytes JMP 712d000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007575ec8c 2 bytes JMP 712d000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!SendInput 000000007575ff6a 3 bytes JMP 7130000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!SendInput + 4 000000007575ff6e 2 bytes JMP 7130000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075779fdb 6 bytes JMP 7115000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!ExitWindowsEx 000000007578156b 6 bytes JMP 7106000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!mouse_event 0000000075790343 6 bytes JMP 716c000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!keybd_event 0000000075790387 6 bytes JMP 716f000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075796dc4 6 bytes JMP 7142000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075796e25 6 bytes JMP 713c000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!BlockInput 0000000075797e9f 3 bytes JMP 7118000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!BlockInput + 4 0000000075797ea3 2 bytes JMP 7118000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000757989b3 3 bytes JMP 7124000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000757989b7 2 bytes JMP 7124000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\GDI32.dll!DeleteDC 0000000076aa58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\GDI32.dll!BitBlt 0000000076aa5ea5 6 bytes JMP 717b000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000076aa7ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\GDI32.dll!GetPixel 0000000076aab986 6 bytes JMP 7190000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\GDI32.dll!StretchBlt 0000000076aaba5f 6 bytes JMP 7172000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\GDI32.dll!MaskBlt 0000000076aacc01 6 bytes JMP 7178000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\GDI32.dll!CreateDCW 0000000076aaea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\GDI32.dll!PlgBlt 0000000076ad4969 6 bytes JMP 7175000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 75dbb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 75dbb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 75e38fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 75d9489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 75e388c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 75e38aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 75e387ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 75e38b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 75dafca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 75db68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 75e39089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 75e38bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 75e3877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 75dafd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 75dbb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 75e38f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe[1344] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 75e38713 C:\windows\syswow64\kernel32.dll .text C:\windows\System32\svchost.exe[1752] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\windows\System32\svchost.exe[1752] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\windows\System32\svchost.exe[1752] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\windows\System32\svchost.exe[1752] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\windows\System32\svchost.exe[1752] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\windows\System32\svchost.exe[1752] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\windows\System32\svchost.exe[1752] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\windows\System32\svchost.exe[1752] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\windows\System32\svchost.exe[1752] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\windows\System32\svchost.exe[1752] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\windows\System32\svchost.exe[1752] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\windows\System32\svchost.exe[1752] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\windows\System32\svchost.exe[1752] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\windows\System32\svchost.exe[1752] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\windows\System32\svchost.exe[1752] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\windows\System32\svchost.exe[1752] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\windows\System32\svchost.exe[1752] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\windows\System32\svchost.exe[1752] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\windows\System32\svchost.exe[1752] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\windows\System32\svchost.exe[1752] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\windows\System32\svchost.exe[1752] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\windows\System32\svchost.exe[1752] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\windows\System32\svchost.exe[1752] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\windows\System32\svchost.exe[1752] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\windows\System32\svchost.exe[1752] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\windows\System32\svchost.exe[1752] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\windows\System32\svchost.exe[1752] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\windows\System32\svchost.exe[1752] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\windows\System32\svchost.exe[1752] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\windows\System32\svchost.exe[1752] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\windows\System32\svchost.exe[1752] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\windows\System32\svchost.exe[1752] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\windows\System32\svchost.exe[1752] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\windows\System32\svchost.exe[1752] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes CALL 0 .text C:\windows\System32\svchost.exe[1752] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes JMP ffffffff .text C:\windows\System32\svchost.exe[1752] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes JMP 0 .text C:\windows\System32\svchost.exe[1752] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes JMP 48786574 .text C:\windows\System32\svchost.exe[1752] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes JMP 1b0860 .text C:\windows\System32\svchost.exe[1752] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\windows\System32\svchost.exe[1752] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\windows\System32\svchost.exe[1752] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes {JMP QWORD [RIP+0x1a6d10]} .text C:\windows\System32\svchost.exe[1752] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x244648]} .text C:\windows\System32\svchost.exe[1752] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes JMP 4f0053 .text C:\windows\System32\svchost.exe[1752] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes {JMP QWORD [RIP+0x258b90]} .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077d7fa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077d7fa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d7fb68 3 bytes JMP 70c1000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077d7fb6c 2 bytes JMP 70c1000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d7fcf0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077d7fcf4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077d7fda4 3 bytes JMP 70cd000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077d7fda8 2 bytes JMP 70cd000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d7fe08 3 bytes JMP 70d3000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077d7fe0c 2 bytes JMP 70d3000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d7ff00 3 bytes JMP 70ca000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077d7ff04 2 bytes JMP 70ca000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077d7ffb4 3 bytes JMP 70fa000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077d7ffb8 2 bytes JMP 70fa000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d7ffe4 3 bytes JMP 70d6000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077d7ffe8 2 bytes JMP 70d6000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d80044 3 bytes JMP 70ee000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077d80048 2 bytes JMP 70ee000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d800c4 3 bytes JMP 70eb000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077d800c8 2 bytes JMP 70eb000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d800f4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077d800f8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077d803f8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077d803fc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077d80410 3 bytes JMP 7100000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077d80414 2 bytes JMP 7100000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077d80590 3 bytes JMP 7103000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077d80594 2 bytes JMP 7103000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077d806d4 3 bytes JMP 70df000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077d806d8 2 bytes JMP 70df000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077d80734 3 bytes JMP 70f7000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077d80738 2 bytes JMP 70f7000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d807dc 3 bytes JMP 70fd000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077d807e0 2 bytes JMP 70fd000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077d80824 3 bytes JMP 70f1000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077d80828 2 bytes JMP 70f1000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077d808b4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077d808b8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d808cc 3 bytes JMP 70c7000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077d808d0 2 bytes JMP 70c7000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d808e4 3 bytes JMP 70be000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077d808e8 2 bytes JMP 70be000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d80e34 3 bytes JMP 70dc000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077d80e38 2 bytes JMP 70dc000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077d80f18 3 bytes JMP 70c4000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077d80f1c 2 bytes JMP 70c4000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d81c24 3 bytes JMP 70d9000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077d81c28 2 bytes JMP 70d9000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077d81cf4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077d81cf8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d81dcc 3 bytes JMP 70e5000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077d81dd0 2 bytes JMP 70e5000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077da3b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075da3bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075da3baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075da9aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\kernel32.dll!CopyFileExW 0000000075db3b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dbccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075e0dc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075e0dd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075e9f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000075ea2ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075738342 6 bytes JMP 715d000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075738c0f 6 bytes JMP 7151000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757390e3 6 bytes JMP 710c000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075739689 6 bytes JMP 714b000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757397e2 6 bytes JMP 7145000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007573ee19 6 bytes JMP 7163000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!RegisterHotKey 000000007573efd9 3 bytes JMP 7112000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007573efdd 2 bytes JMP 7112000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!PostMessageW 00000000757412b5 6 bytes JMP 7157000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!GetKeyState 000000007574292f 6 bytes JMP 712a000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!SetParent 0000000075742d74 3 bytes JMP 7121000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!SetParent + 4 0000000075742d78 2 bytes JMP 7121000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075742db4 6 bytes JMP 7109000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!MoveWindow 00000000757436a8 3 bytes JMP 711e000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!MoveWindow + 4 00000000757436ac 2 bytes JMP 711e000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075743bba 6 bytes JMP 715a000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075743c71 6 bytes JMP 7154000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075746120 6 bytes JMP 7160000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!SendMessageA 000000007574613e 6 bytes JMP 714e000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075746c40 6 bytes JMP 710f000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075747613 6 bytes JMP 7166000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075747678 6 bytes JMP 7139000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757476f0 6 bytes JMP 713f000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007574782f 6 bytes JMP 7148000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007574836c 6 bytes JMP 7169000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!SetClipboardViewer 000000007574c4c6 3 bytes JMP 711b000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007574c4ca 2 bytes JMP 711b000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007575c122 6 bytes JMP 7136000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007575d109 6 bytes JMP 7133000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 000000007575ebb6 6 bytes JMP 7127000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!GetKeyboardState 000000007575ec88 3 bytes JMP 712d000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007575ec8c 2 bytes JMP 712d000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!SendInput 000000007575ff6a 3 bytes JMP 7130000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!SendInput + 4 000000007575ff6e 2 bytes JMP 7130000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075779fdb 6 bytes JMP 7115000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!ExitWindowsEx 000000007578156b 6 bytes JMP 7106000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!mouse_event 0000000075790343 6 bytes JMP 716c000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!keybd_event 0000000075790387 6 bytes JMP 716f000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075796dc4 6 bytes JMP 7142000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075796e25 6 bytes JMP 713c000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!BlockInput 0000000075797e9f 3 bytes JMP 7118000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!BlockInput + 4 0000000075797ea3 2 bytes JMP 7118000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000757989b3 3 bytes JMP 7124000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000757989b7 2 bytes JMP 7124000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\GDI32.dll!DeleteDC 0000000076aa58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\GDI32.dll!BitBlt 0000000076aa5ea5 6 bytes JMP 717b000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000076aa7ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\GDI32.dll!GetPixel 0000000076aab986 6 bytes JMP 7190000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\GDI32.dll!StretchBlt 0000000076aaba5f 6 bytes JMP 7172000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\GDI32.dll!MaskBlt 0000000076aacc01 6 bytes JMP 7178000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\GDI32.dll!CreateDCW 0000000076aaea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\GDI32.dll!PlgBlt 0000000076ad4969 6 bytes JMP 7175000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 75dbb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 75dbb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 75e38fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 75d9489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 75e388c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 75e38aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 75e387ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 75e38b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 75dafca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 75db68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 75e39089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 75e38bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 75e3877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 75dafd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 75dbb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 75e38f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 75e38713 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\shell32.dll!SHFileOperationW 0000000076b89698 6 bytes JMP 70b5000a .text C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe[1360] C:\windows\syswow64\shell32.dll!SHFileOperation 0000000076d8bae9 6 bytes JMP 70b8000a .text C:\windows\system32\taskeng.exe[2116] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes CALL 0 .text C:\windows\system32\taskeng.exe[2116] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes JMP 5c003a .text C:\windows\system32\taskeng.exe[2116] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes {JMP QWORD [RIP+0x1cdd64]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes JMP 0 .text C:\windows\system32\taskeng.exe[2116] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes {JMP QWORD [RIP+0x20a440]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes {JMP QWORD [RIP+0x1a6d10]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x244648]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes {JMP QWORD [RIP+0x223740]} .text C:\windows\system32\taskeng.exe[2116] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes {JMP QWORD [RIP+0x258b90]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes CALL 0 .text C:\windows\system32\taskhost.exe[2128] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes JMP 0 .text C:\windows\system32\taskhost.exe[2128] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes {JMP QWORD [RIP+0x258b90]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes {JMP QWORD [RIP+0x1cdd64]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes {JMP QWORD [RIP+0x1edb70]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes {JMP QWORD [RIP+0x20a440]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes {JMP QWORD [RIP+0x1a6d10]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x244648]} .text C:\windows\system32\taskhost.exe[2128] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes {JMP QWORD [RIP+0x223740]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes [E8, 4F, 36] .text C:\windows\system32\Dwm.exe[2144] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes [FF, 25, 50, 9F, 3A] .text C:\windows\system32\Dwm.exe[2144] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes JMP 0 .text C:\windows\system32\Dwm.exe[2144] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes JMP 2790dd0 .text C:\windows\system32\Dwm.exe[2144] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes JMP 709d1d70 .text C:\windows\system32\Dwm.exe[2144] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\windows\system32\Dwm.exe[2144] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes JMP 0 .text C:\windows\system32\Dwm.exe[2144] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes JMP 20120120 .text C:\windows\system32\Dwm.exe[2144] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes JMP c2fc6b1f .text C:\windows\system32\Dwm.exe[2144] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes {JMP QWORD [RIP+0x258b90]} .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\windows\Explorer.EXE[2224] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\windows\Explorer.EXE[2224] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\windows\Explorer.EXE[2224] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\windows\Explorer.EXE[2224] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\windows\Explorer.EXE[2224] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\windows\Explorer.EXE[2224] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\windows\Explorer.EXE[2224] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\windows\Explorer.EXE[2224] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes [E8, 4F, 36] .text C:\windows\Explorer.EXE[2224] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes JMP 0 .text C:\windows\Explorer.EXE[2224] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes {JMP QWORD [RIP+0x141dd64]} .text C:\windows\Explorer.EXE[2224] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes {JMP QWORD [RIP+0x159db70]} .text C:\windows\Explorer.EXE[2224] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes {JMP QWORD [RIP+0x15ba440]} .text C:\windows\Explorer.EXE[2224] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\windows\Explorer.EXE[2224] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes JMP 620065 .text C:\windows\Explorer.EXE[2224] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes {JMP QWORD [RIP+0x13e6d10]} .text C:\windows\Explorer.EXE[2224] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x15f4648]} .text C:\windows\Explorer.EXE[2224] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes {JMP QWORD [RIP+0x15d3740]} .text C:\windows\Explorer.EXE[2224] C:\windows\system32\SHELL32.dll!SHFileOperationW 000007fefef08fe4 6 bytes {JMP QWORD [RIP+0x111704c]} .text C:\windows\Explorer.EXE[2224] C:\windows\system32\SHELL32.dll!SHFileOperation 000007feff122398 6 bytes {JMP QWORD [RIP+0xeddc98]} .text C:\windows\Explorer.EXE[2224] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes JMP 4f004c .text C:\windows\system32\taskeng.exe[2344] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes [E8, 4F, 36] .text C:\windows\system32\taskeng.exe[2344] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes [FF, 25, 50, 9F, 3A] .text C:\windows\system32\taskeng.exe[2344] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes {JMP QWORD [RIP+0x1cdd64]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes {JMP QWORD [RIP+0x1edb70]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes {JMP QWORD [RIP+0x20a440]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes JMP 0 .text C:\windows\system32\taskeng.exe[2344] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes {JMP QWORD [RIP+0x1a6d10]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x244648]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes {JMP QWORD [RIP+0x223740]} .text C:\windows\system32\taskeng.exe[2344] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes {JMP QWORD [RIP+0x258b90]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes CALL 0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes JMP 0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes {JMP QWORD [RIP+0x141dd64]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes {JMP QWORD [RIP+0x15bdb70]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes {JMP QWORD [RIP+0x15da440]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes {JMP QWORD [RIP+0x13e6d10]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x1614648]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes {JMP QWORD [RIP+0x15f3740]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2748] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes {JMP QWORD [RIP+0x258b90]} .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077d7fa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077d7fa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d7fb68 3 bytes JMP 70bb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077d7fb6c 2 bytes JMP 70bb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d7fcf0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077d7fcf4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077d7fda4 3 bytes JMP 70c7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077d7fda8 2 bytes JMP 70c7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d7fe08 3 bytes JMP 70cd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077d7fe0c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d7ff00 3 bytes JMP 70c4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077d7ff04 2 bytes JMP 70c4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077d7ffb4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077d7ffb8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d7ffe4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077d7ffe8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d80044 3 bytes JMP 70e8000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077d80048 2 bytes JMP 70e8000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d800c4 3 bytes JMP 70e5000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077d800c8 2 bytes JMP 70e5000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d800f4 3 bytes JMP 70ca000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077d800f8 2 bytes JMP 70ca000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077d803f8 3 bytes JMP 70b5000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077d803fc 2 bytes JMP 70b5000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077d80410 3 bytes JMP 70fa000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077d80414 2 bytes JMP 70fa000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077d80590 3 bytes JMP 70fd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077d80594 2 bytes JMP 70fd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077d806d4 3 bytes JMP 70d9000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077d806d8 2 bytes JMP 70d9000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077d80734 3 bytes JMP 70f1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077d80738 2 bytes JMP 70f1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d807dc 3 bytes JMP 70f7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077d807e0 2 bytes JMP 70f7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077d80824 3 bytes JMP 70eb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077d80828 2 bytes JMP 70eb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077d808b4 3 bytes JMP 70ee000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077d808b8 2 bytes JMP 70ee000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d808cc 3 bytes JMP 70c1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077d808d0 2 bytes JMP 70c1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d808e4 3 bytes JMP 70b8000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077d808e8 2 bytes JMP 70b8000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d80e34 3 bytes JMP 70d6000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077d80e38 2 bytes JMP 70d6000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077d80f18 3 bytes JMP 70be000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077d80f1c 2 bytes JMP 70be000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d81c24 3 bytes JMP 70d3000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077d81c28 2 bytes JMP 70d3000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077d81cf4 3 bytes JMP 70e2000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077d81cf8 2 bytes JMP 70e2000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d81dcc 3 bytes JMP 70df000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077d81dd0 2 bytes JMP 70df000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077da3b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075da3bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075da3baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075da9aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\kernel32.dll!CopyFileExW 0000000075db3b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dbccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075e0dc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075e0dd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075e9f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000075ea2ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\GDI32.dll!DeleteDC 0000000076aa58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\GDI32.dll!BitBlt 0000000076aa5ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000076aa7ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\GDI32.dll!GetPixel 0000000076aab986 6 bytes JMP 7190000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\GDI32.dll!StretchBlt 0000000076aaba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\GDI32.dll!MaskBlt 0000000076aacc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\GDI32.dll!CreateDCW 0000000076aaea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\GDI32.dll!PlgBlt 0000000076ad4969 6 bytes JMP 716f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075738342 6 bytes JMP 7157000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075738c0f 6 bytes JMP 714b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757390e3 6 bytes JMP 7106000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075739689 6 bytes JMP 7145000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757397e2 6 bytes JMP 713f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007573ee19 6 bytes JMP 715d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!RegisterHotKey 000000007573efd9 3 bytes JMP 710c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007573efdd 2 bytes JMP 710c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!PostMessageW 00000000757412b5 6 bytes JMP 7151000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!GetKeyState 000000007574292f 6 bytes JMP 7124000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!SetParent 0000000075742d74 3 bytes JMP 711b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!SetParent + 4 0000000075742d78 2 bytes JMP 711b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075742db4 6 bytes JMP 7103000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!MoveWindow 00000000757436a8 3 bytes JMP 7118000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!MoveWindow + 4 00000000757436ac 2 bytes JMP 7118000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075743bba 6 bytes JMP 7154000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075743c71 6 bytes JMP 714e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075746120 6 bytes JMP 715a000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!SendMessageA 000000007574613e 6 bytes JMP 7148000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075746c40 6 bytes JMP 7109000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075747613 6 bytes JMP 7160000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075747678 6 bytes JMP 7133000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757476f0 6 bytes JMP 7139000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007574782f 6 bytes JMP 7142000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007574836c 6 bytes JMP 7163000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!SetClipboardViewer 000000007574c4c6 3 bytes JMP 7115000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007574c4ca 2 bytes JMP 7115000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007575c122 6 bytes JMP 7130000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007575d109 6 bytes JMP 712d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 000000007575ebb6 6 bytes JMP 7121000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!GetKeyboardState 000000007575ec88 3 bytes JMP 7127000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007575ec8c 2 bytes JMP 7127000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!SendInput 000000007575ff6a 3 bytes JMP 712a000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!SendInput + 4 000000007575ff6e 2 bytes JMP 712a000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075779fdb 6 bytes JMP 710f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!ExitWindowsEx 000000007578156b 6 bytes JMP 7100000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!mouse_event 0000000075790343 6 bytes JMP 7166000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!keybd_event 0000000075790387 6 bytes JMP 7169000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075796dc4 6 bytes JMP 713c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075796e25 6 bytes JMP 7136000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!BlockInput 0000000075797e9f 3 bytes JMP 7112000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!BlockInput + 4 0000000075797ea3 2 bytes JMP 7112000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000757989b3 3 bytes JMP 711e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000757989b7 2 bytes JMP 711e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\SHELL32.dll!SHFileOperationW 0000000076b89698 6 bytes JMP 7178000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\SHELL32.dll!SHFileOperation 0000000076d8bae9 6 bytes JMP 717b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 75dbb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 75dbb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 75e38fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 75d9489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 75e388c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 75e38aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 75e387ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 75e38b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 75dafca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 75db68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 75e39089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 75e38bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 75e3877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 75dafd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 75dbb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 75e38f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\pg_ctl.exe[2784] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 75e38713 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes CALL 0 .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes JMP 3aa078 .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes {JMP QWORD [RIP+0x141dd64]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes {JMP QWORD [RIP+0x15bdb70]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes {JMP QWORD [RIP+0x15da440]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes {JMP QWORD [RIP+0x13e6d10]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x1614648]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes {JMP QWORD [RIP+0x15f3740]} .text C:\Program Files\Elantech\ETDCtrl.exe[2792] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes {JMP QWORD [RIP+0x258b90]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes CALL 364ee0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes JMP 560045 C:\Program Files (x86)\Bluetooth Suite\OutLookLib.dll .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes {JMP QWORD [RIP+0x147dd64]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes {JMP QWORD [RIP+0x15bdb70]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes {JMP QWORD [RIP+0x15da440]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0x1437c98]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x1417674]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes {JMP QWORD [RIP+0x1456d10]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x1614648]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes {JMP QWORD [RIP+0x15f3740]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2800] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes JMP c7b0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes CALL 4000000 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes JMP 0 .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes {JMP QWORD [RIP+0x147dd64]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes {JMP QWORD [RIP+0x15bdb70]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes {JMP QWORD [RIP+0x15da440]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0x1437c98]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x1417674]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes {JMP QWORD [RIP+0x1456d10]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x1614648]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes {JMP QWORD [RIP+0x15f3740]} .text C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[2808] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes JMP 0 .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077d7fa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077d7fa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d7fb68 3 bytes JMP 70bb000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077d7fb6c 2 bytes JMP 70bb000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d7fcf0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077d7fcf4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077d7fda4 3 bytes JMP 70c7000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077d7fda8 2 bytes JMP 70c7000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d7fe08 3 bytes JMP 70cd000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077d7fe0c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d7ff00 3 bytes JMP 70c4000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077d7ff04 2 bytes JMP 70c4000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077d7ffb4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077d7ffb8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d7ffe4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077d7ffe8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d80044 3 bytes JMP 70e8000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077d80048 2 bytes JMP 70e8000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d800c4 3 bytes JMP 70e5000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077d800c8 2 bytes JMP 70e5000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d800f4 3 bytes JMP 70ca000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077d800f8 2 bytes JMP 70ca000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077d803f8 3 bytes JMP 70b5000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077d803fc 2 bytes JMP 70b5000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077d80410 3 bytes JMP 70fa000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077d80414 2 bytes JMP 70fa000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077d80590 3 bytes JMP 70fd000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077d80594 2 bytes JMP 70fd000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077d806d4 3 bytes JMP 70d9000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077d806d8 2 bytes JMP 70d9000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077d80734 3 bytes JMP 70f1000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077d80738 2 bytes JMP 70f1000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d807dc 3 bytes JMP 70f7000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077d807e0 2 bytes JMP 70f7000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077d80824 3 bytes JMP 70eb000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077d80828 2 bytes JMP 70eb000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077d808b4 3 bytes JMP 70ee000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077d808b8 2 bytes JMP 70ee000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d808cc 3 bytes JMP 70c1000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077d808d0 2 bytes JMP 70c1000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d808e4 3 bytes JMP 70b8000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077d808e8 2 bytes JMP 70b8000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d80e34 3 bytes JMP 70d6000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077d80e38 2 bytes JMP 70d6000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077d80f18 3 bytes JMP 70be000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077d80f1c 2 bytes JMP 70be000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d81c24 3 bytes JMP 70d3000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077d81c28 2 bytes JMP 70d3000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077d81cf4 3 bytes JMP 70e2000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077d81cf8 2 bytes JMP 70e2000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d81dcc 3 bytes JMP 70df000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077d81dd0 2 bytes JMP 70df000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077da3b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075da3bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075da3baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075da9aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\kernel32.dll!CopyFileExW 0000000075db3b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dbccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075e0dc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075e0dd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075e9f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000075ea2ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075738342 6 bytes JMP 7157000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075738c0f 6 bytes JMP 714b000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757390e3 6 bytes JMP 7106000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075739689 6 bytes JMP 7145000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757397e2 6 bytes JMP 713f000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007573ee19 6 bytes JMP 715d000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!RegisterHotKey 000000007573efd9 3 bytes JMP 710c000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007573efdd 2 bytes JMP 710c000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!PostMessageW 00000000757412b5 6 bytes JMP 7151000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!GetKeyState 000000007574292f 6 bytes JMP 7124000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!SetParent 0000000075742d74 3 bytes JMP 711b000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!SetParent + 4 0000000075742d78 2 bytes JMP 711b000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075742db4 6 bytes JMP 7103000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!MoveWindow 00000000757436a8 3 bytes JMP 7118000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!MoveWindow + 4 00000000757436ac 2 bytes JMP 7118000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075743bba 6 bytes JMP 7154000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075743c71 6 bytes JMP 714e000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075746120 6 bytes JMP 715a000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!SendMessageA 000000007574613e 6 bytes JMP 7148000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075746c40 6 bytes JMP 7109000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075747613 6 bytes JMP 7160000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075747678 6 bytes JMP 7133000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757476f0 6 bytes JMP 7139000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007574782f 6 bytes JMP 7142000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007574836c 6 bytes JMP 7163000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!SetClipboardViewer 000000007574c4c6 3 bytes JMP 7115000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007574c4ca 2 bytes JMP 7115000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007575c122 6 bytes JMP 7130000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007575d109 6 bytes JMP 712d000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 000000007575ebb6 6 bytes JMP 7121000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!GetKeyboardState 000000007575ec88 3 bytes JMP 7127000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007575ec8c 2 bytes JMP 7127000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!SendInput 000000007575ff6a 3 bytes JMP 712a000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!SendInput + 4 000000007575ff6e 2 bytes JMP 712a000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075779fdb 6 bytes JMP 710f000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!ExitWindowsEx 000000007578156b 6 bytes JMP 7100000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!mouse_event 0000000075790343 6 bytes JMP 7166000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!keybd_event 0000000075790387 6 bytes JMP 7169000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075796dc4 6 bytes JMP 713c000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075796e25 6 bytes JMP 7136000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!BlockInput 0000000075797e9f 3 bytes JMP 7112000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!BlockInput + 4 0000000075797ea3 2 bytes JMP 7112000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000757989b3 3 bytes JMP 711e000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000757989b7 2 bytes JMP 711e000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\GDI32.dll!DeleteDC 0000000076aa58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\GDI32.dll!BitBlt 0000000076aa5ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000076aa7ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\GDI32.dll!GetPixel 0000000076aab986 6 bytes JMP 7190000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\GDI32.dll!StretchBlt 0000000076aaba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\GDI32.dll!MaskBlt 0000000076aacc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\GDI32.dll!CreateDCW 0000000076aaea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\GDI32.dll!PlgBlt 0000000076ad4969 6 bytes JMP 716f000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\SHELL32.dll!SHFileOperationW 0000000076b89698 6 bytes JMP 7178000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\SHELL32.dll!SHFileOperation 0000000076d8bae9 6 bytes JMP 717b000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 75dbb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 75dbb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 75e38fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 75d9489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 75e388c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 75e38aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 75e387ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 75e38b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 75dafca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 75db68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 75e39089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 75e38bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 75e3877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 75dafd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 75dbb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 75e38f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[2952] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 75e38713 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077d7fa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077d7fa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d7fb68 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077d7fb6c 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d7fcf0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077d7fcf4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077d7fda4 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077d7fda8 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d7fe08 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077d7fe0c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d7ff00 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077d7ff04 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077d7ffb4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077d7ffb8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d7ffe4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077d7ffe8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d80044 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077d80048 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d800c4 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077d800c8 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d800f4 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077d800f8 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077d803f8 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077d803fc 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077d80410 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077d80414 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077d80590 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077d80594 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077d806d4 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077d806d8 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077d80734 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077d80738 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d807dc 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077d807e0 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077d80824 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077d80828 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077d808b4 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077d808b8 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d808cc 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077d808d0 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d808e4 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077d808e8 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d80e34 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077d80e38 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077d80f18 3 bytes JMP 70be000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077d80f1c 2 bytes JMP 70be000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d81c24 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077d81c28 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077d81cf4 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077d81cf8 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d81dcc 3 bytes JMP 70df000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077d81dd0 2 bytes JMP 70df000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077da3b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075da3bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075da3baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075da9aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\kernel32.dll!CopyFileExW 0000000075db3b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dbccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075e0dc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075e0dd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075e9f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000075ea2ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075738342 6 bytes JMP 7157000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075738c0f 6 bytes JMP 714b000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757390e3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075739689 6 bytes JMP 7145000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757397e2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007573ee19 6 bytes JMP 715d000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!RegisterHotKey 000000007573efd9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007573efdd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!PostMessageW 00000000757412b5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!GetKeyState 000000007574292f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!SetParent 0000000075742d74 3 bytes JMP 711b000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!SetParent + 4 0000000075742d78 2 bytes JMP 711b000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075742db4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!MoveWindow 00000000757436a8 3 bytes JMP 7118000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!MoveWindow + 4 00000000757436ac 2 bytes JMP 7118000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075743bba 6 bytes JMP 7154000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075743c71 6 bytes JMP 714e000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075746120 6 bytes JMP 715a000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!SendMessageA 000000007574613e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075746c40 6 bytes JMP 7109000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075747613 6 bytes JMP 7160000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075747678 6 bytes JMP 7133000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757476f0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007574782f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007574836c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!SetClipboardViewer 000000007574c4c6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007574c4ca 2 bytes JMP 7115000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007575c122 6 bytes JMP 7130000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007575d109 6 bytes JMP 712d000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 000000007575ebb6 6 bytes JMP 7121000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!GetKeyboardState 000000007575ec88 3 bytes JMP 7127000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007575ec8c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!SendInput 000000007575ff6a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!SendInput + 4 000000007575ff6e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075779fdb 6 bytes JMP 710f000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!ExitWindowsEx 000000007578156b 6 bytes JMP 7100000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!mouse_event 0000000075790343 6 bytes JMP 7166000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!keybd_event 0000000075790387 6 bytes JMP 7169000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075796dc4 6 bytes JMP 713c000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075796e25 6 bytes JMP 7136000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!BlockInput 0000000075797e9f 3 bytes JMP 7112000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!BlockInput + 4 0000000075797ea3 2 bytes JMP 7112000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000757989b3 3 bytes JMP 711e000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000757989b7 2 bytes JMP 711e000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\GDI32.dll!DeleteDC 0000000076aa58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\GDI32.dll!BitBlt 0000000076aa5ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000076aa7ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\GDI32.dll!GetPixel 0000000076aab986 6 bytes JMP 7190000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\GDI32.dll!StretchBlt 0000000076aaba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\GDI32.dll!MaskBlt 0000000076aacc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\GDI32.dll!CreateDCW 0000000076aaea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\GDI32.dll!PlgBlt 0000000076ad4969 6 bytes JMP 716f000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\SHELL32.dll!SHFileOperationW 0000000076b89698 6 bytes JMP 7178000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\SHELL32.dll!SHFileOperation 0000000076d8bae9 6 bytes JMP 717b000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 75dbb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 75dbb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 75e38fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 75d9489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 75e388c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 75e38aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 75e387ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 75e38b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 75dafca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 75db68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 75e39089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 75e38bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 75e3877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 75dafd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 75dbb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 75e38f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe[2212] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 75e38713 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077d7fa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077d7fa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d7fb68 3 bytes JMP 70c1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077d7fb6c 2 bytes JMP 70c1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d7fcf0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077d7fcf4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077d7fda4 3 bytes JMP 70cd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077d7fda8 2 bytes JMP 70cd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d7fe08 3 bytes JMP 70d3000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077d7fe0c 2 bytes JMP 70d3000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d7ff00 3 bytes JMP 70ca000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077d7ff04 2 bytes JMP 70ca000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077d7ffb4 3 bytes JMP 70fa000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077d7ffb8 2 bytes JMP 70fa000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d7ffe4 3 bytes JMP 70d6000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077d7ffe8 2 bytes JMP 70d6000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d80044 3 bytes JMP 70ee000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077d80048 2 bytes JMP 70ee000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d800c4 3 bytes JMP 70eb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077d800c8 2 bytes JMP 70eb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d800f4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077d800f8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077d803f8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077d803fc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077d80410 3 bytes JMP 7100000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077d80414 2 bytes JMP 7100000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077d80590 3 bytes JMP 7103000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077d80594 2 bytes JMP 7103000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077d806d4 3 bytes JMP 70df000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077d806d8 2 bytes JMP 70df000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077d80734 3 bytes JMP 70f7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077d80738 2 bytes JMP 70f7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d807dc 3 bytes JMP 70fd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077d807e0 2 bytes JMP 70fd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077d80824 3 bytes JMP 70f1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077d80828 2 bytes JMP 70f1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077d808b4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077d808b8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d808cc 3 bytes JMP 70c7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077d808d0 2 bytes JMP 70c7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d808e4 3 bytes JMP 70be000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077d808e8 2 bytes JMP 70be000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d80e34 3 bytes JMP 70dc000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077d80e38 2 bytes JMP 70dc000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077d80f18 3 bytes JMP 70c4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077d80f1c 2 bytes JMP 70c4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d81c24 3 bytes JMP 70d9000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077d81c28 2 bytes JMP 70d9000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077d81cf4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077d81cf8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d81dcc 3 bytes JMP 70e5000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077d81dd0 2 bytes JMP 70e5000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077da3b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075da3bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075da3baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075da9aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\kernel32.dll!CopyFileExW 0000000075db3b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dbccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075e0dc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075e0dd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075e9f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000075ea2ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\GDI32.dll!DeleteDC 0000000076aa58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\GDI32.dll!BitBlt 0000000076aa5ea5 6 bytes JMP 717b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000076aa7ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\GDI32.dll!GetPixel 0000000076aab986 6 bytes JMP 7190000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\GDI32.dll!StretchBlt 0000000076aaba5f 6 bytes JMP 7172000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\GDI32.dll!MaskBlt 0000000076aacc01 6 bytes JMP 7178000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\GDI32.dll!CreateDCW 0000000076aaea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\GDI32.dll!PlgBlt 0000000076ad4969 6 bytes JMP 7175000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075738342 6 bytes JMP 715d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075738c0f 6 bytes JMP 7151000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757390e3 6 bytes JMP 710c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075739689 6 bytes JMP 714b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757397e2 6 bytes JMP 7145000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007573ee19 6 bytes JMP 7163000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!RegisterHotKey 000000007573efd9 3 bytes JMP 7112000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007573efdd 2 bytes JMP 7112000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!PostMessageW 00000000757412b5 6 bytes JMP 7157000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!GetKeyState 000000007574292f 6 bytes JMP 712a000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!SetParent 0000000075742d74 3 bytes JMP 7121000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!SetParent + 4 0000000075742d78 2 bytes JMP 7121000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075742db4 6 bytes JMP 7109000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!MoveWindow 00000000757436a8 3 bytes JMP 711e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!MoveWindow + 4 00000000757436ac 2 bytes JMP 711e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075743bba 6 bytes JMP 715a000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075743c71 6 bytes JMP 7154000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075746120 6 bytes JMP 7160000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!SendMessageA 000000007574613e 6 bytes JMP 714e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075746c40 6 bytes JMP 710f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075747613 6 bytes JMP 7166000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075747678 6 bytes JMP 7139000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757476f0 6 bytes JMP 713f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007574782f 6 bytes JMP 7148000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007574836c 6 bytes JMP 7169000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!SetClipboardViewer 000000007574c4c6 3 bytes JMP 711b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007574c4ca 2 bytes JMP 711b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007575c122 6 bytes JMP 7136000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007575d109 6 bytes JMP 7133000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 000000007575ebb6 6 bytes JMP 7127000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!GetKeyboardState 000000007575ec88 3 bytes JMP 712d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007575ec8c 2 bytes JMP 712d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!SendInput 000000007575ff6a 3 bytes JMP 7130000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!SendInput + 4 000000007575ff6e 2 bytes JMP 7130000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075779fdb 6 bytes JMP 7115000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!ExitWindowsEx 000000007578156b 6 bytes JMP 7106000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!mouse_event 0000000075790343 6 bytes JMP 716c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!keybd_event 0000000075790387 6 bytes JMP 716f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075796dc4 6 bytes JMP 7142000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075796e25 6 bytes JMP 713c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!BlockInput 0000000075797e9f 3 bytes JMP 7118000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!BlockInput + 4 0000000075797ea3 2 bytes JMP 7118000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000757989b3 3 bytes JMP 7124000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000757989b7 2 bytes JMP 7124000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 75dbb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 75dbb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 75e38fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 75d9489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 75e388c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 75e38aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 75e387ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 75e38b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 75dafca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 75db68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 75e39089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 75e38bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 75e3877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 75dafd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 75dbb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 75e38f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2728] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 75e38713 C:\windows\syswow64\kernel32.dll .text C:\windows\system32\conhost.exe[2564] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\windows\system32\conhost.exe[2564] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\windows\system32\conhost.exe[2564] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\windows\system32\conhost.exe[2564] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\windows\system32\conhost.exe[2564] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\windows\system32\conhost.exe[2564] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\windows\system32\conhost.exe[2564] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes [E8, 4F, 36] .text C:\windows\system32\conhost.exe[2564] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes [FF, 25, 50, 9F, 3A] .text C:\windows\system32\conhost.exe[2564] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes {JMP QWORD [RIP+0x1cdd64]} .text C:\windows\system32\conhost.exe[2564] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes {JMP QWORD [RIP+0x1edb70]} .text C:\windows\system32\conhost.exe[2564] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes {JMP QWORD [RIP+0x20a440]} .text C:\windows\system32\conhost.exe[2564] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\windows\system32\conhost.exe[2564] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\windows\system32\conhost.exe[2564] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes {JMP QWORD [RIP+0x1a6d10]} .text C:\windows\system32\conhost.exe[2564] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x244648]} .text C:\windows\system32\conhost.exe[2564] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes {JMP QWORD [RIP+0x223740]} .text C:\windows\system32\conhost.exe[2564] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes JMP 0 .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077d7fa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077d7fa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d7fb68 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077d7fb6c 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d7fcf0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077d7fcf4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077d7fda4 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077d7fda8 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d7fe08 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077d7fe0c 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d7ff00 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077d7ff04 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077d7ffb4 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077d7ffb8 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d7ffe4 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077d7ffe8 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d80044 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077d80048 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d800c4 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077d800c8 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d800f4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077d800f8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077d803f8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077d803fc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077d80410 3 bytes JMP 7100000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077d80414 2 bytes JMP 7100000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077d80590 3 bytes JMP 7103000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077d80594 2 bytes JMP 7103000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077d806d4 3 bytes JMP 70df000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077d806d8 2 bytes JMP 70df000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077d80734 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077d80738 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d807dc 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077d807e0 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077d80824 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077d80828 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077d808b4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077d808b8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d808cc 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077d808d0 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d808e4 3 bytes JMP 70be000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077d808e8 2 bytes JMP 70be000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d80e34 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077d80e38 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077d80f18 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077d80f1c 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d81c24 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077d81c28 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077d81cf4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077d81cf8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d81dcc 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077d81dd0 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077da3b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075da3bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075da3baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075da9aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\kernel32.dll!CopyFileExW 0000000075db3b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dbccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075e0dc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075e0dd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075e9f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000075ea2ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075738342 6 bytes JMP 715d000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075738c0f 6 bytes JMP 7151000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757390e3 6 bytes JMP 710c000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075739689 6 bytes JMP 714b000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757397e2 6 bytes JMP 7145000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007573ee19 6 bytes JMP 7163000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!RegisterHotKey 000000007573efd9 3 bytes JMP 7112000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007573efdd 2 bytes JMP 7112000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!PostMessageW 00000000757412b5 6 bytes JMP 7157000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!GetKeyState 000000007574292f 6 bytes JMP 712a000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!SetParent 0000000075742d74 3 bytes JMP 7121000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!SetParent + 4 0000000075742d78 2 bytes JMP 7121000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075742db4 6 bytes JMP 7109000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!MoveWindow 00000000757436a8 3 bytes JMP 711e000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!MoveWindow + 4 00000000757436ac 2 bytes JMP 711e000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075743bba 6 bytes JMP 715a000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075743c71 6 bytes JMP 7154000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075746120 6 bytes JMP 7160000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!SendMessageA 000000007574613e 6 bytes JMP 714e000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075746c40 6 bytes JMP 710f000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075747613 6 bytes JMP 7166000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075747678 6 bytes JMP 7139000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757476f0 6 bytes JMP 713f000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007574782f 6 bytes JMP 7148000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007574836c 6 bytes JMP 7169000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!SetClipboardViewer 000000007574c4c6 3 bytes JMP 711b000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007574c4ca 2 bytes JMP 711b000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007575c122 6 bytes JMP 7136000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007575d109 6 bytes JMP 7133000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 000000007575ebb6 6 bytes JMP 7127000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!GetKeyboardState 000000007575ec88 3 bytes JMP 712d000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007575ec8c 2 bytes JMP 712d000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!SendInput 000000007575ff6a 3 bytes JMP 7130000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!SendInput + 4 000000007575ff6e 2 bytes JMP 7130000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075779fdb 6 bytes JMP 7115000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!ExitWindowsEx 000000007578156b 6 bytes JMP 7106000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!mouse_event 0000000075790343 6 bytes JMP 716c000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!keybd_event 0000000075790387 6 bytes JMP 716f000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075796dc4 6 bytes JMP 7142000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075796e25 6 bytes JMP 713c000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!BlockInput 0000000075797e9f 3 bytes JMP 7118000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!BlockInput + 4 0000000075797ea3 2 bytes JMP 7118000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000757989b3 3 bytes JMP 7124000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000757989b7 2 bytes JMP 7124000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\GDI32.dll!DeleteDC 0000000076aa58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\GDI32.dll!BitBlt 0000000076aa5ea5 6 bytes JMP 717b000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000076aa7ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\GDI32.dll!GetPixel 0000000076aab986 6 bytes JMP 7190000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\GDI32.dll!StretchBlt 0000000076aaba5f 6 bytes JMP 7172000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\GDI32.dll!MaskBlt 0000000076aacc01 6 bytes JMP 7178000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\GDI32.dll!CreateDCW 0000000076aaea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\GDI32.dll!PlgBlt 0000000076ad4969 6 bytes JMP 7175000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 75dbb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 75dbb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 75e38fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 75d9489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 75e388c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 75e38aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 75e387ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 75e38b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 75dafca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 75db68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 75e39089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 75e38bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 75e3877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 75dafd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 75dbb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 75e38f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe[1152] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 75e38713 C:\windows\syswow64\kernel32.dll .text C:\windows\system32\svchost.exe[2440] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\windows\system32\svchost.exe[2440] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\windows\system32\svchost.exe[2440] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\windows\system32\svchost.exe[2440] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\windows\system32\svchost.exe[2440] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\windows\system32\svchost.exe[2440] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\windows\system32\svchost.exe[2440] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes [E8, 4F, 36] .text C:\windows\system32\svchost.exe[2440] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes JMP 0 .text C:\windows\system32\svchost.exe[2440] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes {JMP QWORD [RIP+0x1cdd64]} .text C:\windows\system32\svchost.exe[2440] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes {JMP QWORD [RIP+0x1edb70]} .text C:\windows\system32\svchost.exe[2440] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes {JMP QWORD [RIP+0x20a440]} .text C:\windows\system32\svchost.exe[2440] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\windows\system32\svchost.exe[2440] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\windows\system32\svchost.exe[2440] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes {JMP QWORD [RIP+0x1a6d10]} .text C:\windows\system32\svchost.exe[2440] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x244648]} .text C:\windows\system32\svchost.exe[2440] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes {JMP QWORD [RIP+0x223740]} .text C:\windows\system32\svchost.exe[2440] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes {JMP QWORD [RIP+0x258b90]} .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077d7fa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077d7fa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d7fb68 3 bytes JMP 70c1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077d7fb6c 2 bytes JMP 70c1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d7fcf0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077d7fcf4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077d7fda4 3 bytes JMP 70cd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077d7fda8 2 bytes JMP 70cd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d7fe08 3 bytes JMP 70d3000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077d7fe0c 2 bytes JMP 70d3000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d7ff00 3 bytes JMP 70ca000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077d7ff04 2 bytes JMP 70ca000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077d7ffb4 3 bytes JMP 70fa000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077d7ffb8 2 bytes JMP 70fa000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d7ffe4 3 bytes JMP 70d6000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077d7ffe8 2 bytes JMP 70d6000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d80044 3 bytes JMP 70ee000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077d80048 2 bytes JMP 70ee000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d800c4 3 bytes JMP 70eb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077d800c8 2 bytes JMP 70eb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d800f4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077d800f8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077d803f8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077d803fc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077d80410 3 bytes JMP 7100000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077d80414 2 bytes JMP 7100000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077d80590 3 bytes JMP 7103000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077d80594 2 bytes JMP 7103000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077d806d4 3 bytes JMP 70df000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077d806d8 2 bytes JMP 70df000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077d80734 3 bytes JMP 70f7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077d80738 2 bytes JMP 70f7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d807dc 3 bytes JMP 70fd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077d807e0 2 bytes JMP 70fd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077d80824 3 bytes JMP 70f1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077d80828 2 bytes JMP 70f1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077d808b4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077d808b8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d808cc 3 bytes JMP 70c7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077d808d0 2 bytes JMP 70c7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d808e4 3 bytes JMP 70be000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077d808e8 2 bytes JMP 70be000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d80e34 3 bytes JMP 70dc000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077d80e38 2 bytes JMP 70dc000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077d80f18 3 bytes JMP 70c4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077d80f1c 2 bytes JMP 70c4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d81c24 3 bytes JMP 70d9000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077d81c28 2 bytes JMP 70d9000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077d81cf4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077d81cf8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d81dcc 3 bytes JMP 70e5000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077d81dd0 2 bytes JMP 70e5000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077da3b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075da3bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075da3baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075da9aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\kernel32.dll!CopyFileExW 0000000075db3b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dbccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075e0dc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075e0dd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075e9f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000075ea2ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\GDI32.dll!DeleteDC 0000000076aa58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\GDI32.dll!BitBlt 0000000076aa5ea5 6 bytes JMP 717b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000076aa7ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\GDI32.dll!GetPixel 0000000076aab986 6 bytes JMP 7190000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\GDI32.dll!StretchBlt 0000000076aaba5f 6 bytes JMP 7172000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\GDI32.dll!MaskBlt 0000000076aacc01 6 bytes JMP 7178000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\GDI32.dll!CreateDCW 0000000076aaea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\GDI32.dll!PlgBlt 0000000076ad4969 6 bytes JMP 7175000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075738342 6 bytes JMP 715d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075738c0f 6 bytes JMP 7151000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757390e3 6 bytes JMP 710c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075739689 6 bytes JMP 714b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757397e2 6 bytes JMP 7145000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007573ee19 6 bytes JMP 7163000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!RegisterHotKey 000000007573efd9 3 bytes JMP 7112000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007573efdd 2 bytes JMP 7112000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!PostMessageW 00000000757412b5 6 bytes JMP 7157000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!GetKeyState 000000007574292f 6 bytes JMP 712a000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!SetParent 0000000075742d74 3 bytes JMP 7121000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!SetParent + 4 0000000075742d78 2 bytes JMP 7121000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075742db4 6 bytes JMP 7109000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!MoveWindow 00000000757436a8 3 bytes JMP 711e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!MoveWindow + 4 00000000757436ac 2 bytes JMP 711e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075743bba 6 bytes JMP 715a000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075743c71 6 bytes JMP 7154000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075746120 6 bytes JMP 7160000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!SendMessageA 000000007574613e 6 bytes JMP 714e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075746c40 6 bytes JMP 710f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075747613 6 bytes JMP 7166000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075747678 6 bytes JMP 7139000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757476f0 6 bytes JMP 713f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007574782f 6 bytes JMP 7148000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007574836c 6 bytes JMP 7169000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!SetClipboardViewer 000000007574c4c6 3 bytes JMP 711b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007574c4ca 2 bytes JMP 711b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007575c122 6 bytes JMP 7136000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007575d109 6 bytes JMP 7133000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 000000007575ebb6 6 bytes JMP 7127000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!GetKeyboardState 000000007575ec88 3 bytes JMP 712d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007575ec8c 2 bytes JMP 712d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!SendInput 000000007575ff6a 3 bytes JMP 7130000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!SendInput + 4 000000007575ff6e 2 bytes JMP 7130000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075779fdb 6 bytes JMP 7115000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!ExitWindowsEx 000000007578156b 6 bytes JMP 7106000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!mouse_event 0000000075790343 6 bytes JMP 716c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!keybd_event 0000000075790387 6 bytes JMP 716f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075796dc4 6 bytes JMP 7142000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075796e25 6 bytes JMP 713c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!BlockInput 0000000075797e9f 3 bytes JMP 7118000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!BlockInput + 4 0000000075797ea3 2 bytes JMP 7118000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000757989b3 3 bytes JMP 7124000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000757989b7 2 bytes JMP 7124000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 75dbb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 75dbb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 75e38fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 75d9489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 75e388c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 75e38aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 75e387ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 75e38b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 75dafca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 75db68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 75e39089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 75e38bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 75e3877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 75dafd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 75dbb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 75e38f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[2512] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 75e38713 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077d7fa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077d7fa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d7fb68 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077d7fb6c 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d7fcf0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077d7fcf4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077d7fda4 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077d7fda8 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d7fe08 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077d7fe0c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d7ff00 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077d7ff04 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077d7ffb4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077d7ffb8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d7ffe4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077d7ffe8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d80044 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077d80048 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d800c4 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077d800c8 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d800f4 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077d800f8 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077d803f8 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077d803fc 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077d80410 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077d80414 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077d80590 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077d80594 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077d806d4 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077d806d8 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077d80734 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077d80738 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d807dc 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077d807e0 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077d80824 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077d80828 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077d808b4 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077d808b8 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d808cc 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077d808d0 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d808e4 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077d808e8 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d80e34 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077d80e38 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077d80f18 3 bytes JMP 70be000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077d80f1c 2 bytes JMP 70be000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d81c24 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077d81c28 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077d81cf4 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077d81cf8 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d81dcc 3 bytes JMP 70df000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077d81dd0 2 bytes JMP 70df000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077da3b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075da3bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075da3baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075da9aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\kernel32.dll!CopyFileExW 0000000075db3b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dbccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075e0dc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075e0dd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075e9f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000075ea2ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\GDI32.dll!DeleteDC 0000000076aa58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\GDI32.dll!BitBlt 0000000076aa5ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000076aa7ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\GDI32.dll!GetPixel 0000000076aab986 6 bytes JMP 7190000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\GDI32.dll!StretchBlt 0000000076aaba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\GDI32.dll!MaskBlt 0000000076aacc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\GDI32.dll!CreateDCW 0000000076aaea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\GDI32.dll!PlgBlt 0000000076ad4969 6 bytes JMP 716f000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075738342 6 bytes JMP 7157000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075738c0f 6 bytes JMP 714b000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757390e3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075739689 6 bytes JMP 7145000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757397e2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007573ee19 6 bytes JMP 715d000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!RegisterHotKey 000000007573efd9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007573efdd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!PostMessageW 00000000757412b5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!GetKeyState 000000007574292f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!SetParent 0000000075742d74 3 bytes JMP 711b000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!SetParent + 4 0000000075742d78 2 bytes JMP 711b000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075742db4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!MoveWindow 00000000757436a8 3 bytes JMP 7118000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!MoveWindow + 4 00000000757436ac 2 bytes JMP 7118000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075743bba 6 bytes JMP 7154000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075743c71 6 bytes JMP 714e000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075746120 6 bytes JMP 715a000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!SendMessageA 000000007574613e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075746c40 6 bytes JMP 7109000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075747613 6 bytes JMP 7160000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075747678 6 bytes JMP 7133000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757476f0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007574782f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007574836c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!SetClipboardViewer 000000007574c4c6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007574c4ca 2 bytes JMP 7115000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007575c122 6 bytes JMP 7130000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007575d109 6 bytes JMP 712d000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 000000007575ebb6 6 bytes JMP 7121000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!GetKeyboardState 000000007575ec88 3 bytes JMP 7127000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007575ec8c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!SendInput 000000007575ff6a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!SendInput + 4 000000007575ff6e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075779fdb 6 bytes JMP 710f000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!ExitWindowsEx 000000007578156b 6 bytes JMP 7100000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!mouse_event 0000000075790343 6 bytes JMP 7166000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!keybd_event 0000000075790387 6 bytes JMP 7169000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075796dc4 6 bytes JMP 713c000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075796e25 6 bytes JMP 7136000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!BlockInput 0000000075797e9f 3 bytes JMP 7112000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!BlockInput + 4 0000000075797ea3 2 bytes JMP 7112000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000757989b3 3 bytes JMP 711e000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000757989b7 2 bytes JMP 711e000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\SHELL32.dll!SHFileOperationW 0000000076b89698 6 bytes JMP 7178000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\SHELL32.dll!SHFileOperation 0000000076d8bae9 6 bytes JMP 717b000a .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 75dbb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 75dbb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 75e38fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 75d9489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 75e388c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 75e38aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 75e387ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 75e38b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 75dafca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 75db68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 75e39089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 75e38bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 75e3877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 75dafd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 75dbb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 75e38f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe[3172] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 75e38713 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077d7fa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077d7fa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d7fb68 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077d7fb6c 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d7fcf0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077d7fcf4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077d7fda4 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077d7fda8 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d7fe08 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077d7fe0c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d7ff00 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077d7ff04 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077d7ffb4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077d7ffb8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d7ffe4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077d7ffe8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d80044 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077d80048 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d800c4 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077d800c8 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d800f4 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077d800f8 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077d803f8 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077d803fc 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077d80410 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077d80414 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077d80590 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077d80594 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077d806d4 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077d806d8 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077d80734 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077d80738 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d807dc 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077d807e0 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077d80824 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077d80828 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077d808b4 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077d808b8 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d808cc 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077d808d0 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d808e4 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077d808e8 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d80e34 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077d80e38 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077d80f18 3 bytes JMP 70be000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077d80f1c 2 bytes JMP 70be000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d81c24 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077d81c28 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077d81cf4 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077d81cf8 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d81dcc 3 bytes JMP 70df000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077d81dd0 2 bytes JMP 70df000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077da3b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075da3bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075da3baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075da9aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\kernel32.dll!CopyFileExW 0000000075db3b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dbccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075e0dc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075e0dd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075e9f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000075ea2ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075738342 6 bytes JMP 7157000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075738c0f 6 bytes JMP 714b000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757390e3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075739689 6 bytes JMP 7145000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757397e2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007573ee19 6 bytes JMP 715d000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!RegisterHotKey 000000007573efd9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007573efdd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!PostMessageW 00000000757412b5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!GetKeyState 000000007574292f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!SetParent 0000000075742d74 3 bytes JMP 711b000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!SetParent + 4 0000000075742d78 2 bytes JMP 711b000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075742db4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!MoveWindow 00000000757436a8 3 bytes JMP 7118000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!MoveWindow + 4 00000000757436ac 2 bytes JMP 7118000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075743bba 6 bytes JMP 7154000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075743c71 6 bytes JMP 714e000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075746120 6 bytes JMP 715a000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!SendMessageA 000000007574613e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075746c40 6 bytes JMP 7109000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075747613 6 bytes JMP 7160000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075747678 6 bytes JMP 7133000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757476f0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007574782f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007574836c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!SetClipboardViewer 000000007574c4c6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007574c4ca 2 bytes JMP 7115000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007575c122 6 bytes JMP 7130000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007575d109 6 bytes JMP 712d000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 000000007575ebb6 6 bytes JMP 7121000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!GetKeyboardState 000000007575ec88 3 bytes JMP 7127000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007575ec8c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!SendInput 000000007575ff6a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!SendInput + 4 000000007575ff6e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075779fdb 6 bytes JMP 710f000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!ExitWindowsEx 000000007578156b 6 bytes JMP 7100000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!mouse_event 0000000075790343 6 bytes JMP 7166000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!keybd_event 0000000075790387 6 bytes JMP 7169000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075796dc4 6 bytes JMP 713c000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075796e25 6 bytes JMP 7136000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!BlockInput 0000000075797e9f 3 bytes JMP 7112000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!BlockInput + 4 0000000075797ea3 2 bytes JMP 7112000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000757989b3 3 bytes JMP 711e000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000757989b7 2 bytes JMP 711e000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\GDI32.dll!DeleteDC 0000000076aa58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\GDI32.dll!BitBlt 0000000076aa5ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000076aa7ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\GDI32.dll!GetPixel 0000000076aab986 6 bytes JMP 7190000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\GDI32.dll!StretchBlt 0000000076aaba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\GDI32.dll!MaskBlt 0000000076aacc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\GDI32.dll!CreateDCW 0000000076aaea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\GDI32.dll!PlgBlt 0000000076ad4969 6 bytes JMP 716f000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\SHELL32.dll!SHFileOperationW 0000000076b89698 6 bytes JMP 7178000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\SHELL32.dll!SHFileOperation 0000000076d8bae9 6 bytes JMP 717b000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 75dbb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 75dbb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 75e38fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 75d9489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 75e388c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 75e38aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 75e387ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 75e38b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 75dafca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 75db68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 75e39089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 75e38bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 75e3877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 75dafd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 75dbb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 75e38f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe[3224] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 75e38713 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077d7fa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077d7fa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d7fb68 3 bytes JMP 70c1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077d7fb6c 2 bytes JMP 70c1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d7fcf0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077d7fcf4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077d7fda4 3 bytes JMP 70cd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077d7fda8 2 bytes JMP 70cd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d7fe08 3 bytes JMP 70d3000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077d7fe0c 2 bytes JMP 70d3000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d7ff00 3 bytes JMP 70ca000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077d7ff04 2 bytes JMP 70ca000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077d7ffb4 3 bytes JMP 70fa000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077d7ffb8 2 bytes JMP 70fa000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d7ffe4 3 bytes JMP 70d6000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077d7ffe8 2 bytes JMP 70d6000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d80044 3 bytes JMP 70ee000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077d80048 2 bytes JMP 70ee000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d800c4 3 bytes JMP 70eb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077d800c8 2 bytes JMP 70eb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d800f4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077d800f8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077d803f8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077d803fc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077d80410 3 bytes JMP 7100000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077d80414 2 bytes JMP 7100000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077d80590 3 bytes JMP 7103000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077d80594 2 bytes JMP 7103000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077d806d4 3 bytes JMP 70df000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077d806d8 2 bytes JMP 70df000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077d80734 3 bytes JMP 70f7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077d80738 2 bytes JMP 70f7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d807dc 3 bytes JMP 70fd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077d807e0 2 bytes JMP 70fd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077d80824 3 bytes JMP 70f1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077d80828 2 bytes JMP 70f1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077d808b4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077d808b8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d808cc 3 bytes JMP 70c7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077d808d0 2 bytes JMP 70c7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d808e4 3 bytes JMP 70be000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077d808e8 2 bytes JMP 70be000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d80e34 3 bytes JMP 70dc000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077d80e38 2 bytes JMP 70dc000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077d80f18 3 bytes JMP 70c4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077d80f1c 2 bytes JMP 70c4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d81c24 3 bytes JMP 70d9000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077d81c28 2 bytes JMP 70d9000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077d81cf4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077d81cf8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d81dcc 3 bytes JMP 70e5000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077d81dd0 2 bytes JMP 70e5000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077da3b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075da3bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075da3baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075da9aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\kernel32.dll!CopyFileExW 0000000075db3b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dbccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075e0dc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075e0dd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075e9f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000075ea2ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\GDI32.dll!DeleteDC 0000000076aa58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\GDI32.dll!BitBlt 0000000076aa5ea5 6 bytes JMP 717b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000076aa7ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\GDI32.dll!GetPixel 0000000076aab986 6 bytes JMP 7190000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\GDI32.dll!StretchBlt 0000000076aaba5f 6 bytes JMP 7172000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\GDI32.dll!MaskBlt 0000000076aacc01 6 bytes JMP 7178000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\GDI32.dll!CreateDCW 0000000076aaea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\GDI32.dll!PlgBlt 0000000076ad4969 6 bytes JMP 7175000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075738342 6 bytes JMP 715d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075738c0f 6 bytes JMP 7151000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757390e3 6 bytes JMP 710c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075739689 6 bytes JMP 714b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757397e2 6 bytes JMP 7145000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007573ee19 6 bytes JMP 7163000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!RegisterHotKey 000000007573efd9 3 bytes JMP 7112000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007573efdd 2 bytes JMP 7112000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!PostMessageW 00000000757412b5 6 bytes JMP 7157000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!GetKeyState 000000007574292f 6 bytes JMP 712a000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!SetParent 0000000075742d74 3 bytes JMP 7121000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!SetParent + 4 0000000075742d78 2 bytes JMP 7121000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075742db4 6 bytes JMP 7109000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!MoveWindow 00000000757436a8 3 bytes JMP 711e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!MoveWindow + 4 00000000757436ac 2 bytes JMP 711e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075743bba 6 bytes JMP 715a000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075743c71 6 bytes JMP 7154000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075746120 6 bytes JMP 7160000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!SendMessageA 000000007574613e 6 bytes JMP 714e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075746c40 6 bytes JMP 710f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075747613 6 bytes JMP 7166000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075747678 6 bytes JMP 7139000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757476f0 6 bytes JMP 713f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007574782f 6 bytes JMP 7148000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007574836c 6 bytes JMP 7169000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!SetClipboardViewer 000000007574c4c6 3 bytes JMP 711b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007574c4ca 2 bytes JMP 711b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007575c122 6 bytes JMP 7136000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007575d109 6 bytes JMP 7133000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 000000007575ebb6 6 bytes JMP 7127000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!GetKeyboardState 000000007575ec88 3 bytes JMP 712d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007575ec8c 2 bytes JMP 712d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!SendInput 000000007575ff6a 3 bytes JMP 7130000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!SendInput + 4 000000007575ff6e 2 bytes JMP 7130000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075779fdb 6 bytes JMP 7115000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!ExitWindowsEx 000000007578156b 6 bytes JMP 7106000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!mouse_event 0000000075790343 6 bytes JMP 716c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!keybd_event 0000000075790387 6 bytes JMP 716f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075796dc4 6 bytes JMP 7142000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075796e25 6 bytes JMP 713c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!BlockInput 0000000075797e9f 3 bytes JMP 7118000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!BlockInput + 4 0000000075797ea3 2 bytes JMP 7118000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000757989b3 3 bytes JMP 7124000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000757989b7 2 bytes JMP 7124000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 75dbb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 75dbb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 75e38fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 75d9489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 75e388c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 75e38aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 75e387ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 75e38b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 75dafca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 75db68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 75e39089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 75e38bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 75e3877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 75dafd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 75dbb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 75e38f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3408] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 75e38713 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077d7fa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077d7fa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d7fb68 3 bytes JMP 70c1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077d7fb6c 2 bytes JMP 70c1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d7fcf0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077d7fcf4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077d7fda4 3 bytes JMP 70cd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077d7fda8 2 bytes JMP 70cd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d7fe08 3 bytes JMP 70d3000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077d7fe0c 2 bytes JMP 70d3000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d7ff00 3 bytes JMP 70ca000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077d7ff04 2 bytes JMP 70ca000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077d7ffb4 3 bytes JMP 70fa000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077d7ffb8 2 bytes JMP 70fa000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d7ffe4 3 bytes JMP 70d6000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077d7ffe8 2 bytes JMP 70d6000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d80044 3 bytes JMP 70ee000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077d80048 2 bytes JMP 70ee000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d800c4 3 bytes JMP 70eb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077d800c8 2 bytes JMP 70eb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d800f4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077d800f8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077d803f8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077d803fc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077d80410 3 bytes JMP 7100000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077d80414 2 bytes JMP 7100000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077d80590 3 bytes JMP 7103000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077d80594 2 bytes JMP 7103000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077d806d4 3 bytes JMP 70df000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077d806d8 2 bytes JMP 70df000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077d80734 3 bytes JMP 70f7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077d80738 2 bytes JMP 70f7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d807dc 3 bytes JMP 70fd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077d807e0 2 bytes JMP 70fd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077d80824 3 bytes JMP 70f1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077d80828 2 bytes JMP 70f1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077d808b4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077d808b8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d808cc 3 bytes JMP 70c7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077d808d0 2 bytes JMP 70c7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d808e4 3 bytes JMP 70be000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077d808e8 2 bytes JMP 70be000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d80e34 3 bytes JMP 70dc000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077d80e38 2 bytes JMP 70dc000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077d80f18 3 bytes JMP 70c4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077d80f1c 2 bytes JMP 70c4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d81c24 3 bytes JMP 70d9000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077d81c28 2 bytes JMP 70d9000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077d81cf4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077d81cf8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d81dcc 3 bytes JMP 70e5000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077d81dd0 2 bytes JMP 70e5000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077da3b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075da3bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075da3baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075da9aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\kernel32.dll!CopyFileExW 0000000075db3b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dbccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075e0dc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075e0dd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075e9f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000075ea2ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\GDI32.dll!DeleteDC 0000000076aa58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\GDI32.dll!BitBlt 0000000076aa5ea5 6 bytes JMP 717b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000076aa7ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\GDI32.dll!GetPixel 0000000076aab986 6 bytes JMP 7190000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\GDI32.dll!StretchBlt 0000000076aaba5f 6 bytes JMP 7172000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\GDI32.dll!MaskBlt 0000000076aacc01 6 bytes JMP 7178000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\GDI32.dll!CreateDCW 0000000076aaea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\GDI32.dll!PlgBlt 0000000076ad4969 6 bytes JMP 7175000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075738342 6 bytes JMP 715d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075738c0f 6 bytes JMP 7151000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757390e3 6 bytes JMP 710c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075739689 6 bytes JMP 714b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757397e2 6 bytes JMP 7145000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007573ee19 6 bytes JMP 7163000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!RegisterHotKey 000000007573efd9 3 bytes JMP 7112000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007573efdd 2 bytes JMP 7112000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!PostMessageW 00000000757412b5 6 bytes JMP 7157000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!GetKeyState 000000007574292f 6 bytes JMP 712a000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!SetParent 0000000075742d74 3 bytes JMP 7121000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!SetParent + 4 0000000075742d78 2 bytes JMP 7121000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075742db4 6 bytes JMP 7109000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!MoveWindow 00000000757436a8 3 bytes JMP 711e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!MoveWindow + 4 00000000757436ac 2 bytes JMP 711e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075743bba 6 bytes JMP 715a000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075743c71 6 bytes JMP 7154000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075746120 6 bytes JMP 7160000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!SendMessageA 000000007574613e 6 bytes JMP 714e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075746c40 6 bytes JMP 710f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075747613 6 bytes JMP 7166000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075747678 6 bytes JMP 7139000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757476f0 6 bytes JMP 713f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007574782f 6 bytes JMP 7148000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007574836c 6 bytes JMP 7169000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!SetClipboardViewer 000000007574c4c6 3 bytes JMP 711b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007574c4ca 2 bytes JMP 711b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007575c122 6 bytes JMP 7136000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007575d109 6 bytes JMP 7133000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 000000007575ebb6 6 bytes JMP 7127000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!GetKeyboardState 000000007575ec88 3 bytes JMP 712d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007575ec8c 2 bytes JMP 712d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!SendInput 000000007575ff6a 3 bytes JMP 7130000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!SendInput + 4 000000007575ff6e 2 bytes JMP 7130000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075779fdb 6 bytes JMP 7115000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!ExitWindowsEx 000000007578156b 6 bytes JMP 7106000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!mouse_event 0000000075790343 6 bytes JMP 716c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!keybd_event 0000000075790387 6 bytes JMP 716f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075796dc4 6 bytes JMP 7142000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075796e25 6 bytes JMP 713c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!BlockInput 0000000075797e9f 3 bytes JMP 7118000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!BlockInput + 4 0000000075797ea3 2 bytes JMP 7118000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000757989b3 3 bytes JMP 7124000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000757989b7 2 bytes JMP 7124000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 75dbb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 75dbb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 75e38fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 75d9489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 75e388c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 75e38aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 75e387ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 75e38b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 75dafca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 75db68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 75e39089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 75e38bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 75e3877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 75dafd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 75dbb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 75e38f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3416] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 75e38713 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077d7fa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077d7fa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d7fb68 3 bytes JMP 70c1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077d7fb6c 2 bytes JMP 70c1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d7fcf0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077d7fcf4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077d7fda4 3 bytes JMP 70cd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077d7fda8 2 bytes JMP 70cd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d7fe08 3 bytes JMP 70d3000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077d7fe0c 2 bytes JMP 70d3000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d7ff00 3 bytes JMP 70ca000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077d7ff04 2 bytes JMP 70ca000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077d7ffb4 3 bytes JMP 70fa000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077d7ffb8 2 bytes JMP 70fa000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d7ffe4 3 bytes JMP 70d6000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077d7ffe8 2 bytes JMP 70d6000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d80044 3 bytes JMP 70ee000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077d80048 2 bytes JMP 70ee000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d800c4 3 bytes JMP 70eb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077d800c8 2 bytes JMP 70eb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d800f4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077d800f8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077d803f8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077d803fc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077d80410 3 bytes JMP 7100000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077d80414 2 bytes JMP 7100000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077d80590 3 bytes JMP 7103000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077d80594 2 bytes JMP 7103000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077d806d4 3 bytes JMP 70df000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077d806d8 2 bytes JMP 70df000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077d80734 3 bytes JMP 70f7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077d80738 2 bytes JMP 70f7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d807dc 3 bytes JMP 70fd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077d807e0 2 bytes JMP 70fd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077d80824 3 bytes JMP 70f1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077d80828 2 bytes JMP 70f1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077d808b4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077d808b8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d808cc 3 bytes JMP 70c7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077d808d0 2 bytes JMP 70c7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d808e4 3 bytes JMP 70be000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077d808e8 2 bytes JMP 70be000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d80e34 3 bytes JMP 70dc000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077d80e38 2 bytes JMP 70dc000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077d80f18 3 bytes JMP 70c4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077d80f1c 2 bytes JMP 70c4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d81c24 3 bytes JMP 70d9000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077d81c28 2 bytes JMP 70d9000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077d81cf4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077d81cf8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d81dcc 3 bytes JMP 70e5000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077d81dd0 2 bytes JMP 70e5000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077da3b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075da3bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075da3baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075da9aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\kernel32.dll!CopyFileExW 0000000075db3b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dbccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075e0dc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075e0dd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075e9f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000075ea2ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\GDI32.dll!DeleteDC 0000000076aa58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\GDI32.dll!BitBlt 0000000076aa5ea5 6 bytes JMP 717b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000076aa7ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\GDI32.dll!GetPixel 0000000076aab986 6 bytes JMP 7190000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\GDI32.dll!StretchBlt 0000000076aaba5f 6 bytes JMP 7172000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\GDI32.dll!MaskBlt 0000000076aacc01 6 bytes JMP 7178000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\GDI32.dll!CreateDCW 0000000076aaea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\GDI32.dll!PlgBlt 0000000076ad4969 6 bytes JMP 7175000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075738342 6 bytes JMP 715d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075738c0f 6 bytes JMP 7151000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757390e3 6 bytes JMP 710c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075739689 6 bytes JMP 714b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757397e2 6 bytes JMP 7145000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007573ee19 6 bytes JMP 7163000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!RegisterHotKey 000000007573efd9 3 bytes JMP 7112000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007573efdd 2 bytes JMP 7112000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!PostMessageW 00000000757412b5 6 bytes JMP 7157000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!GetKeyState 000000007574292f 6 bytes JMP 712a000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!SetParent 0000000075742d74 3 bytes JMP 7121000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!SetParent + 4 0000000075742d78 2 bytes JMP 7121000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075742db4 6 bytes JMP 7109000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!MoveWindow 00000000757436a8 3 bytes JMP 711e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!MoveWindow + 4 00000000757436ac 2 bytes JMP 711e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075743bba 6 bytes JMP 715a000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075743c71 6 bytes JMP 7154000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075746120 6 bytes JMP 7160000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!SendMessageA 000000007574613e 6 bytes JMP 714e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075746c40 6 bytes JMP 710f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075747613 6 bytes JMP 7166000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075747678 6 bytes JMP 7139000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757476f0 6 bytes JMP 713f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007574782f 6 bytes JMP 7148000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007574836c 6 bytes JMP 7169000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!SetClipboardViewer 000000007574c4c6 3 bytes JMP 711b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007574c4ca 2 bytes JMP 711b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007575c122 6 bytes JMP 7136000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007575d109 6 bytes JMP 7133000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 000000007575ebb6 6 bytes JMP 7127000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!GetKeyboardState 000000007575ec88 3 bytes JMP 712d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007575ec8c 2 bytes JMP 712d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!SendInput 000000007575ff6a 3 bytes JMP 7130000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!SendInput + 4 000000007575ff6e 2 bytes JMP 7130000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075779fdb 6 bytes JMP 7115000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!ExitWindowsEx 000000007578156b 6 bytes JMP 7106000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!mouse_event 0000000075790343 6 bytes JMP 716c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!keybd_event 0000000075790387 6 bytes JMP 716f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075796dc4 6 bytes JMP 7142000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075796e25 6 bytes JMP 713c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!BlockInput 0000000075797e9f 3 bytes JMP 7118000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!BlockInput + 4 0000000075797ea3 2 bytes JMP 7118000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000757989b3 3 bytes JMP 7124000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000757989b7 2 bytes JMP 7124000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 75dbb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 75dbb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 75e38fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 75d9489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 75e388c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 75e38aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 75e387ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 75e38b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 75dafca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 75db68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 75e39089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 75e38bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 75e3877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 75dafd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 75dbb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 75e38f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3424] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 75e38713 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077d7fa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077d7fa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d7fb68 3 bytes JMP 70c1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077d7fb6c 2 bytes JMP 70c1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d7fcf0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077d7fcf4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077d7fda4 3 bytes JMP 70cd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077d7fda8 2 bytes JMP 70cd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d7fe08 3 bytes JMP 70d3000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077d7fe0c 2 bytes JMP 70d3000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d7ff00 3 bytes JMP 70ca000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077d7ff04 2 bytes JMP 70ca000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077d7ffb4 3 bytes JMP 70fa000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077d7ffb8 2 bytes JMP 70fa000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d7ffe4 3 bytes JMP 70d6000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077d7ffe8 2 bytes JMP 70d6000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d80044 3 bytes JMP 70ee000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077d80048 2 bytes JMP 70ee000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d800c4 3 bytes JMP 70eb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077d800c8 2 bytes JMP 70eb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d800f4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077d800f8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077d803f8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077d803fc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077d80410 3 bytes JMP 7100000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077d80414 2 bytes JMP 7100000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077d80590 3 bytes JMP 7103000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077d80594 2 bytes JMP 7103000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077d806d4 3 bytes JMP 70df000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077d806d8 2 bytes JMP 70df000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077d80734 3 bytes JMP 70f7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077d80738 2 bytes JMP 70f7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d807dc 3 bytes JMP 70fd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077d807e0 2 bytes JMP 70fd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077d80824 3 bytes JMP 70f1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077d80828 2 bytes JMP 70f1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077d808b4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077d808b8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d808cc 3 bytes JMP 70c7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077d808d0 2 bytes JMP 70c7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d808e4 3 bytes JMP 70be000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077d808e8 2 bytes JMP 70be000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d80e34 3 bytes JMP 70dc000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077d80e38 2 bytes JMP 70dc000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077d80f18 3 bytes JMP 70c4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077d80f1c 2 bytes JMP 70c4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d81c24 3 bytes JMP 70d9000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077d81c28 2 bytes JMP 70d9000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077d81cf4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077d81cf8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d81dcc 3 bytes JMP 70e5000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077d81dd0 2 bytes JMP 70e5000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077da3b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075da3bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075da3baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075da9aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\kernel32.dll!CopyFileExW 0000000075db3b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dbccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075e0dc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075e0dd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075e9f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000075ea2ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\GDI32.dll!DeleteDC 0000000076aa58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\GDI32.dll!BitBlt 0000000076aa5ea5 6 bytes JMP 717b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000076aa7ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\GDI32.dll!GetPixel 0000000076aab986 6 bytes JMP 7190000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\GDI32.dll!StretchBlt 0000000076aaba5f 6 bytes JMP 7172000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\GDI32.dll!MaskBlt 0000000076aacc01 6 bytes JMP 7178000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\GDI32.dll!CreateDCW 0000000076aaea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\GDI32.dll!PlgBlt 0000000076ad4969 6 bytes JMP 7175000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075738342 6 bytes JMP 715d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075738c0f 6 bytes JMP 7151000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757390e3 6 bytes JMP 710c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075739689 6 bytes JMP 714b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757397e2 6 bytes JMP 7145000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007573ee19 6 bytes JMP 7163000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!RegisterHotKey 000000007573efd9 3 bytes JMP 7112000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007573efdd 2 bytes JMP 7112000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!PostMessageW 00000000757412b5 6 bytes JMP 7157000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!GetKeyState 000000007574292f 6 bytes JMP 712a000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!SetParent 0000000075742d74 3 bytes JMP 7121000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!SetParent + 4 0000000075742d78 2 bytes JMP 7121000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075742db4 6 bytes JMP 7109000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!MoveWindow 00000000757436a8 3 bytes JMP 711e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!MoveWindow + 4 00000000757436ac 2 bytes JMP 711e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075743bba 6 bytes JMP 715a000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075743c71 6 bytes JMP 7154000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075746120 6 bytes JMP 7160000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!SendMessageA 000000007574613e 6 bytes JMP 714e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075746c40 6 bytes JMP 710f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075747613 6 bytes JMP 7166000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075747678 6 bytes JMP 7139000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757476f0 6 bytes JMP 713f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007574782f 6 bytes JMP 7148000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007574836c 6 bytes JMP 7169000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!SetClipboardViewer 000000007574c4c6 3 bytes JMP 711b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007574c4ca 2 bytes JMP 711b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007575c122 6 bytes JMP 7136000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007575d109 6 bytes JMP 7133000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 000000007575ebb6 6 bytes JMP 7127000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!GetKeyboardState 000000007575ec88 3 bytes JMP 712d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007575ec8c 2 bytes JMP 712d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!SendInput 000000007575ff6a 3 bytes JMP 7130000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!SendInput + 4 000000007575ff6e 2 bytes JMP 7130000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075779fdb 6 bytes JMP 7115000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!ExitWindowsEx 000000007578156b 6 bytes JMP 7106000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!mouse_event 0000000075790343 6 bytes JMP 716c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!keybd_event 0000000075790387 6 bytes JMP 716f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075796dc4 6 bytes JMP 7142000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075796e25 6 bytes JMP 713c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!BlockInput 0000000075797e9f 3 bytes JMP 7118000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!BlockInput + 4 0000000075797ea3 2 bytes JMP 7118000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000757989b3 3 bytes JMP 7124000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000757989b7 2 bytes JMP 7124000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 75dbb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 75dbb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 75e38fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 75d9489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 75e388c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 75e38aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 75e387ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 75e38b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 75dafca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 75db68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 75e39089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 75e38bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 75e3877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 75dafd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 75dbb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 75e38f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3432] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 75e38713 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077d7fa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077d7fa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d7fb68 3 bytes JMP 70c1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077d7fb6c 2 bytes JMP 70c1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d7fcf0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077d7fcf4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077d7fda4 3 bytes JMP 70cd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077d7fda8 2 bytes JMP 70cd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d7fe08 3 bytes JMP 70d3000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077d7fe0c 2 bytes JMP 70d3000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d7ff00 3 bytes JMP 70ca000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077d7ff04 2 bytes JMP 70ca000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077d7ffb4 3 bytes JMP 70fa000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077d7ffb8 2 bytes JMP 70fa000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d7ffe4 3 bytes JMP 70d6000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077d7ffe8 2 bytes JMP 70d6000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d80044 3 bytes JMP 70ee000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077d80048 2 bytes JMP 70ee000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d800c4 3 bytes JMP 70eb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077d800c8 2 bytes JMP 70eb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d800f4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077d800f8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077d803f8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077d803fc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077d80410 3 bytes JMP 7100000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077d80414 2 bytes JMP 7100000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077d80590 3 bytes JMP 7103000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077d80594 2 bytes JMP 7103000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077d806d4 3 bytes JMP 70df000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077d806d8 2 bytes JMP 70df000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077d80734 3 bytes JMP 70f7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077d80738 2 bytes JMP 70f7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d807dc 3 bytes JMP 70fd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077d807e0 2 bytes JMP 70fd000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077d80824 3 bytes JMP 70f1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077d80828 2 bytes JMP 70f1000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077d808b4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077d808b8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d808cc 3 bytes JMP 70c7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077d808d0 2 bytes JMP 70c7000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d808e4 3 bytes JMP 70be000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077d808e8 2 bytes JMP 70be000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d80e34 3 bytes JMP 70dc000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077d80e38 2 bytes JMP 70dc000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077d80f18 3 bytes JMP 70c4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077d80f1c 2 bytes JMP 70c4000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d81c24 3 bytes JMP 70d9000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077d81c28 2 bytes JMP 70d9000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077d81cf4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077d81cf8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d81dcc 3 bytes JMP 70e5000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077d81dd0 2 bytes JMP 70e5000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077da3b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075da3bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075da3baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075da9aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\kernel32.dll!CopyFileExW 0000000075db3b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dbccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075e0dc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075e0dd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075e9f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000075ea2ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\GDI32.dll!DeleteDC 0000000076aa58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\GDI32.dll!BitBlt 0000000076aa5ea5 6 bytes JMP 717b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000076aa7ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\GDI32.dll!GetPixel 0000000076aab986 6 bytes JMP 7190000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\GDI32.dll!StretchBlt 0000000076aaba5f 6 bytes JMP 7172000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\GDI32.dll!MaskBlt 0000000076aacc01 6 bytes JMP 7178000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\GDI32.dll!CreateDCW 0000000076aaea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\GDI32.dll!PlgBlt 0000000076ad4969 6 bytes JMP 7175000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075738342 6 bytes JMP 715d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075738c0f 6 bytes JMP 7151000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757390e3 6 bytes JMP 710c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075739689 6 bytes JMP 714b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757397e2 6 bytes JMP 7145000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007573ee19 6 bytes JMP 7163000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!RegisterHotKey 000000007573efd9 3 bytes JMP 7112000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007573efdd 2 bytes JMP 7112000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!PostMessageW 00000000757412b5 6 bytes JMP 7157000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!GetKeyState 000000007574292f 6 bytes JMP 712a000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!SetParent 0000000075742d74 3 bytes JMP 7121000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!SetParent + 4 0000000075742d78 2 bytes JMP 7121000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075742db4 6 bytes JMP 7109000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!MoveWindow 00000000757436a8 3 bytes JMP 711e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!MoveWindow + 4 00000000757436ac 2 bytes JMP 711e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075743bba 6 bytes JMP 715a000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075743c71 6 bytes JMP 7154000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075746120 6 bytes JMP 7160000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!SendMessageA 000000007574613e 6 bytes JMP 714e000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075746c40 6 bytes JMP 710f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075747613 6 bytes JMP 7166000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075747678 6 bytes JMP 7139000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757476f0 6 bytes JMP 713f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007574782f 6 bytes JMP 7148000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007574836c 6 bytes JMP 7169000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!SetClipboardViewer 000000007574c4c6 3 bytes JMP 711b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007574c4ca 2 bytes JMP 711b000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007575c122 6 bytes JMP 7136000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007575d109 6 bytes JMP 7133000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 000000007575ebb6 6 bytes JMP 7127000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!GetKeyboardState 000000007575ec88 3 bytes JMP 712d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007575ec8c 2 bytes JMP 712d000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!SendInput 000000007575ff6a 3 bytes JMP 7130000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!SendInput + 4 000000007575ff6e 2 bytes JMP 7130000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075779fdb 6 bytes JMP 7115000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!ExitWindowsEx 000000007578156b 6 bytes JMP 7106000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!mouse_event 0000000075790343 6 bytes JMP 716c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!keybd_event 0000000075790387 6 bytes JMP 716f000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075796dc4 6 bytes JMP 7142000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075796e25 6 bytes JMP 713c000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!BlockInput 0000000075797e9f 3 bytes JMP 7118000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!BlockInput + 4 0000000075797ea3 2 bytes JMP 7118000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000757989b3 3 bytes JMP 7124000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000757989b7 2 bytes JMP 7124000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 75dbb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 75dbb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 75e38fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 75d9489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 75e388c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 75e38aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 75e387ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 75e38b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 75dafca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 75db68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 75e39089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 75e38bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 75e3877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 75dafd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 75dbb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 75e38f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OpenERP 7.0-20140105-002500\PostgreSQL\bin\postgres.exe[3440] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 75e38713 C:\windows\syswow64\kernel32.dll .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes [E8, 4F, 36] .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes [FF, 25, 50, 9F, 3A] .text C:\windows\system32\SearchIndexer.exe[3652] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes {JMP QWORD [RIP+0x258b90]} .text C:\windows\system32\svchost.exe[3792] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\windows\system32\svchost.exe[3792] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\windows\system32\svchost.exe[3792] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\windows\system32\svchost.exe[3792] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\windows\system32\svchost.exe[3792] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\windows\system32\svchost.exe[3792] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\windows\system32\svchost.exe[3792] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes [E8, 4F, 36] .text C:\windows\system32\svchost.exe[3792] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes [FF, 25, 50, 9F, 3A] .text C:\windows\system32\svchost.exe[3792] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes JMP 0 .text C:\windows\system32\svchost.exe[3792] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes {JMP QWORD [RIP+0x1edb70]} .text C:\windows\system32\svchost.exe[3792] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes {JMP QWORD [RIP+0x20a440]} .text C:\windows\system32\svchost.exe[3792] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\windows\system32\svchost.exe[3792] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\windows\system32\svchost.exe[3792] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes JMP 0 .text C:\windows\system32\svchost.exe[3792] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x244648]} .text C:\windows\system32\svchost.exe[3792] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes {JMP QWORD [RIP+0x223740]} .text C:\windows\system32\svchost.exe[3792] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes {JMP QWORD [RIP+0x258b90]} .text C:\windows\system32\svchost.exe[3848] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\windows\system32\svchost.exe[3848] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\windows\system32\svchost.exe[3848] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\windows\system32\svchost.exe[3848] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\windows\system32\svchost.exe[3848] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\windows\system32\svchost.exe[3848] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\windows\system32\svchost.exe[3848] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes [E8, 4F, 36] .text C:\windows\system32\svchost.exe[3848] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes [FF, 25, 50, 9F, 3A] .text C:\windows\system32\svchost.exe[3848] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes JMP 6f0067 .text C:\windows\system32\svchost.exe[3848] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes JMP 34 .text C:\windows\system32\svchost.exe[3848] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes {JMP QWORD [RIP+0x20a440]} .text C:\windows\system32\svchost.exe[3848] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\windows\system32\svchost.exe[3848] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\windows\system32\svchost.exe[3848] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes JMP 656d614e .text C:\windows\system32\svchost.exe[3848] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x244648]} .text C:\windows\system32\svchost.exe[3848] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes {JMP QWORD [RIP+0x223740]} .text C:\windows\system32\svchost.exe[3848] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes {JMP QWORD [RIP+0x258b90]} .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077d7fa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077d7fa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d7fb68 3 bytes JMP 70bb000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077d7fb6c 2 bytes JMP 70bb000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d7fcf0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077d7fcf4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077d7fda4 3 bytes JMP 70c7000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077d7fda8 2 bytes JMP 70c7000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d7fe08 3 bytes JMP 70cd000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077d7fe0c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d7ff00 3 bytes JMP 70c4000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077d7ff04 2 bytes JMP 70c4000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077d7ffb4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077d7ffb8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d7ffe4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077d7ffe8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d80044 3 bytes JMP 70e8000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077d80048 2 bytes JMP 70e8000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d800c4 3 bytes JMP 70e5000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077d800c8 2 bytes JMP 70e5000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d800f4 3 bytes JMP 70ca000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077d800f8 2 bytes JMP 70ca000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077d803f8 3 bytes JMP 70b5000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077d803fc 2 bytes JMP 70b5000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077d80410 3 bytes JMP 70fa000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077d80414 2 bytes JMP 70fa000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077d80590 3 bytes JMP 70fd000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077d80594 2 bytes JMP 70fd000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077d806d4 3 bytes JMP 70d9000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077d806d8 2 bytes JMP 70d9000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077d80734 3 bytes JMP 70f1000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077d80738 2 bytes JMP 70f1000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d807dc 3 bytes JMP 70f7000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077d807e0 2 bytes JMP 70f7000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077d80824 3 bytes JMP 70eb000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077d80828 2 bytes JMP 70eb000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077d808b4 3 bytes JMP 70ee000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077d808b8 2 bytes JMP 70ee000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d808cc 3 bytes JMP 70c1000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077d808d0 2 bytes JMP 70c1000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d808e4 3 bytes JMP 70b8000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077d808e8 2 bytes JMP 70b8000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d80e34 3 bytes JMP 70d6000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077d80e38 2 bytes JMP 70d6000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077d80f18 3 bytes JMP 70be000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077d80f1c 2 bytes JMP 70be000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d81c24 3 bytes JMP 70d3000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077d81c28 2 bytes JMP 70d3000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077d81cf4 3 bytes JMP 70e2000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077d81cf8 2 bytes JMP 70e2000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d81dcc 3 bytes JMP 70df000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077d81dd0 2 bytes JMP 70df000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077da3b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075da3bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075da3baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075da9aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\kernel32.dll!CopyFileExW 0000000075db3b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dbccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075e0dc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075e0dd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075e9f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000075ea2ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\GDI32.dll!DeleteDC 0000000076aa58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\GDI32.dll!BitBlt 0000000076aa5ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000076aa7ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\GDI32.dll!GetPixel 0000000076aab986 6 bytes JMP 7190000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\GDI32.dll!StretchBlt 0000000076aaba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\GDI32.dll!MaskBlt 0000000076aacc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\GDI32.dll!CreateDCW 0000000076aaea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\GDI32.dll!PlgBlt 0000000076ad4969 6 bytes JMP 716f000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075738342 6 bytes JMP 7157000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075738c0f 6 bytes JMP 714b000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757390e3 6 bytes JMP 7106000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075739689 6 bytes JMP 7145000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757397e2 6 bytes JMP 713f000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007573ee19 6 bytes JMP 715d000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!RegisterHotKey 000000007573efd9 3 bytes JMP 710c000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007573efdd 2 bytes JMP 710c000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!PostMessageW 00000000757412b5 6 bytes JMP 7151000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!GetKeyState 000000007574292f 6 bytes JMP 7124000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!SetParent 0000000075742d74 3 bytes JMP 711b000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!SetParent + 4 0000000075742d78 2 bytes JMP 711b000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075742db4 6 bytes JMP 7103000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!MoveWindow 00000000757436a8 3 bytes JMP 7118000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!MoveWindow + 4 00000000757436ac 2 bytes JMP 7118000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075743bba 6 bytes JMP 7154000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075743c71 6 bytes JMP 714e000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075746120 6 bytes JMP 715a000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!SendMessageA 000000007574613e 6 bytes JMP 7148000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075746c40 6 bytes JMP 7109000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075747613 6 bytes JMP 7160000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075747678 6 bytes JMP 7133000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757476f0 6 bytes JMP 7139000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007574782f 6 bytes JMP 7142000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007574836c 6 bytes JMP 7163000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!SetClipboardViewer 000000007574c4c6 3 bytes JMP 7115000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007574c4ca 2 bytes JMP 7115000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007575c122 6 bytes JMP 7130000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007575d109 6 bytes JMP 712d000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 000000007575ebb6 6 bytes JMP 7121000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!GetKeyboardState 000000007575ec88 3 bytes JMP 7127000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007575ec8c 2 bytes JMP 7127000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!SendInput 000000007575ff6a 3 bytes JMP 712a000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!SendInput + 4 000000007575ff6e 2 bytes JMP 712a000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075779fdb 6 bytes JMP 710f000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!ExitWindowsEx 000000007578156b 6 bytes JMP 7100000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!mouse_event 0000000075790343 6 bytes JMP 7166000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!keybd_event 0000000075790387 6 bytes JMP 7169000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075796dc4 6 bytes JMP 713c000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075796e25 6 bytes JMP 7136000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!BlockInput 0000000075797e9f 3 bytes JMP 7112000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!BlockInput + 4 0000000075797ea3 2 bytes JMP 7112000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000757989b3 3 bytes JMP 711e000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000757989b7 2 bytes JMP 711e000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\SHELL32.dll!SHFileOperationW 0000000076b89698 6 bytes JMP 7178000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\SHELL32.dll!SHFileOperation 0000000076d8bae9 6 bytes JMP 717b000a .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 75dbb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 75dbb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 75e38fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 75d9489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 75e388c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 75e38aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 75e387ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 75e38b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 75dafca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 75db68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 75e39089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 75e38bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 75e3877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 75dafd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 75dbb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 75e38f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe[3900] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 75e38713 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077d7fa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077d7fa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d7fb68 3 bytes JMP 70bb000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077d7fb6c 2 bytes JMP 70bb000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d7fcf0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077d7fcf4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077d7fda4 3 bytes JMP 70c7000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077d7fda8 2 bytes JMP 70c7000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d7fe08 3 bytes JMP 70cd000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077d7fe0c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d7ff00 3 bytes JMP 70c4000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077d7ff04 2 bytes JMP 70c4000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077d7ffb4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077d7ffb8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d7ffe4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077d7ffe8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d80044 3 bytes JMP 70e8000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077d80048 2 bytes JMP 70e8000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d800c4 3 bytes JMP 70e5000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077d800c8 2 bytes JMP 70e5000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d800f4 3 bytes JMP 70ca000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077d800f8 2 bytes JMP 70ca000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077d803f8 3 bytes JMP 70b5000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077d803fc 2 bytes JMP 70b5000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077d80410 3 bytes JMP 70fa000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077d80414 2 bytes JMP 70fa000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077d80590 3 bytes JMP 70fd000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077d80594 2 bytes JMP 70fd000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077d806d4 3 bytes JMP 70d9000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077d806d8 2 bytes JMP 70d9000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077d80734 3 bytes JMP 70f1000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077d80738 2 bytes JMP 70f1000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d807dc 3 bytes JMP 70f7000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077d807e0 2 bytes JMP 70f7000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077d80824 3 bytes JMP 70eb000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077d80828 2 bytes JMP 70eb000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077d808b4 3 bytes JMP 70ee000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077d808b8 2 bytes JMP 70ee000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d808cc 3 bytes JMP 70c1000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077d808d0 2 bytes JMP 70c1000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d808e4 3 bytes JMP 70b8000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077d808e8 2 bytes JMP 70b8000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d80e34 3 bytes JMP 70d6000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077d80e38 2 bytes JMP 70d6000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077d80f18 3 bytes JMP 70be000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077d80f1c 2 bytes JMP 70be000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d81c24 3 bytes JMP 70d3000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077d81c28 2 bytes JMP 70d3000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077d81cf4 3 bytes JMP 70e2000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077d81cf8 2 bytes JMP 70e2000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d81dcc 3 bytes JMP 70df000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077d81dd0 2 bytes JMP 70df000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077da3b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075da3bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075da3baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075da9aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\kernel32.dll!CopyFileExW 0000000075db3b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dbccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075e0dc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075e0dd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075e9f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000075ea2ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075738342 6 bytes JMP 7157000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075738c0f 6 bytes JMP 714b000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757390e3 6 bytes JMP 7106000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075739689 6 bytes JMP 7145000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757397e2 6 bytes JMP 713f000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007573ee19 6 bytes JMP 715d000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!RegisterHotKey 000000007573efd9 3 bytes JMP 710c000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007573efdd 2 bytes JMP 710c000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!PostMessageW 00000000757412b5 6 bytes JMP 7151000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!GetKeyState 000000007574292f 6 bytes JMP 7124000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!SetParent 0000000075742d74 3 bytes JMP 711b000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!SetParent + 4 0000000075742d78 2 bytes JMP 711b000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075742db4 6 bytes JMP 7103000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!MoveWindow 00000000757436a8 3 bytes JMP 7118000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!MoveWindow + 4 00000000757436ac 2 bytes JMP 7118000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075743bba 6 bytes JMP 7154000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075743c71 6 bytes JMP 714e000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075746120 6 bytes JMP 715a000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!SendMessageA 000000007574613e 6 bytes JMP 7148000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075746c40 6 bytes JMP 7109000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075747613 6 bytes JMP 7160000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075747678 6 bytes JMP 7133000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757476f0 6 bytes JMP 7139000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007574782f 6 bytes JMP 7142000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007574836c 6 bytes JMP 7163000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!SetClipboardViewer 000000007574c4c6 3 bytes JMP 7115000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007574c4ca 2 bytes JMP 7115000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007575c122 6 bytes JMP 7130000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007575d109 6 bytes JMP 712d000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 000000007575ebb6 6 bytes JMP 7121000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!GetKeyboardState 000000007575ec88 3 bytes JMP 7127000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007575ec8c 2 bytes JMP 7127000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!SendInput 000000007575ff6a 3 bytes JMP 712a000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!SendInput + 4 000000007575ff6e 2 bytes JMP 712a000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075779fdb 6 bytes JMP 710f000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!ExitWindowsEx 000000007578156b 6 bytes JMP 7100000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!mouse_event 0000000075790343 6 bytes JMP 7166000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!keybd_event 0000000075790387 6 bytes JMP 7169000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075796dc4 6 bytes JMP 713c000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075796e25 6 bytes JMP 7136000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!BlockInput 0000000075797e9f 3 bytes JMP 7112000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!BlockInput + 4 0000000075797ea3 2 bytes JMP 7112000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000757989b3 3 bytes JMP 711e000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000757989b7 2 bytes JMP 711e000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\GDI32.dll!DeleteDC 0000000076aa58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\GDI32.dll!BitBlt 0000000076aa5ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000076aa7ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\GDI32.dll!GetPixel 0000000076aab986 6 bytes JMP 7190000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\GDI32.dll!StretchBlt 0000000076aaba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\GDI32.dll!MaskBlt 0000000076aacc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\GDI32.dll!CreateDCW 0000000076aaea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\GDI32.dll!PlgBlt 0000000076ad4969 6 bytes JMP 716f000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\SHELL32.dll!SHFileOperationW 0000000076b89698 6 bytes JMP 7178000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\SHELL32.dll!SHFileOperation 0000000076d8bae9 6 bytes JMP 717b000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 75dbb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 75dbb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 75e38fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 75d9489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 75e388c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 75e38aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 75e387ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 75e38b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 75dafca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 75db68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 75e39089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 75e38bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 75e3877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 75dafd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 75dbb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 75e38f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe[3976] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 75e38713 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077d7fa20 3 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077d7fa24 2 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d7fb68 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077d7fb6c 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d7fcf0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077d7fcf4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077d7fda4 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077d7fda8 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d7fe08 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077d7fe0c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d7ff00 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077d7ff04 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077d7ffb4 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077d7ffb8 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d7ffe4 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077d7ffe8 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d80044 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077d80048 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d800c4 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077d800c8 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d800f4 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077d800f8 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077d803f8 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077d803fc 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077d80410 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077d80414 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077d80590 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077d80594 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077d806d4 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077d806d8 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077d80734 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077d80738 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d807dc 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077d807e0 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077d80824 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077d80828 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077d808b4 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077d808b8 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d808cc 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077d808d0 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d808e4 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077d808e8 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d80e34 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077d80e38 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077d80f18 3 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077d80f1c 2 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d81c24 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077d81c28 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077d81cf4 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077d81cf8 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d81dcc 3 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077d81dd0 2 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077da3b8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075da3bab 3 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075da3baf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075da9aa4 6 bytes JMP 7187000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\kernel32.dll!CopyFileExW 0000000075db3b62 6 bytes JMP 717e000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dbccd1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075e0dc76 6 bytes JMP 7184000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075e0dd19 6 bytes JMP 7181000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075e9f784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000075ea2ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 6 bytes JMP 7199000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\GDI32.dll!DeleteDC 0000000076aa58b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\GDI32.dll!BitBlt 0000000076aa5ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000076aa7ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\GDI32.dll!GetPixel 0000000076aab986 6 bytes JMP 7190000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\GDI32.dll!StretchBlt 0000000076aaba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\GDI32.dll!MaskBlt 0000000076aacc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\GDI32.dll!CreateDCW 0000000076aaea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\GDI32.dll!PlgBlt 0000000076ad4969 6 bytes JMP 716f000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075738342 6 bytes JMP 7157000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075738c0f 6 bytes JMP 714b000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757390e3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075739689 6 bytes JMP 7145000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757397e2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007573ee19 6 bytes JMP 715d000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!RegisterHotKey 000000007573efd9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007573efdd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!PostMessageW 00000000757412b5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!GetKeyState 000000007574292f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!SetParent 0000000075742d74 3 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!SetParent + 4 0000000075742d78 2 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075742db4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!MoveWindow 00000000757436a8 3 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!MoveWindow + 4 00000000757436ac 2 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075743bba 6 bytes JMP 7154000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075743c71 6 bytes JMP 714e000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075746120 6 bytes JMP 715a000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!SendMessageA 000000007574613e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075746c40 6 bytes JMP 7109000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075747613 6 bytes JMP 7160000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075747678 6 bytes JMP 7133000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757476f0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007574782f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007574836c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!SetClipboardViewer 000000007574c4c6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007574c4ca 2 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007575c122 6 bytes JMP 7130000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007575d109 6 bytes JMP 712d000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 000000007575ebb6 6 bytes JMP 7121000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!GetKeyboardState 000000007575ec88 3 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007575ec8c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!SendInput 000000007575ff6a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!SendInput + 4 000000007575ff6e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075779fdb 6 bytes JMP 710f000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!ExitWindowsEx 000000007578156b 6 bytes JMP 7100000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!mouse_event 0000000075790343 6 bytes JMP 7166000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!keybd_event 0000000075790387 6 bytes JMP 7169000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075796dc4 6 bytes JMP 713c000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075796e25 6 bytes JMP 7136000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!BlockInput 0000000075797e9f 3 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!BlockInput + 4 0000000075797ea3 2 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000757989b3 3 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000757989b7 2 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\SHELL32.dll!SHFileOperationW 0000000076b89698 6 bytes JMP 7178000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\SHELL32.dll!SHFileOperation 0000000076d8bae9 6 bytes JMP 717b000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 75dbb21b C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 75dbb346 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 75e38fd1 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 75d9489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 75e388c4 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 75e38aa0 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 75e387ba C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 75e38b8a C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 75dafca8 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 75db68ef C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 75e39089 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 75e38bea C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 75e3877e C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 75dafd41 C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 75dbb2dc C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 75e38f4c C:\windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3992] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 75e38713 C:\windows\syswow64\kernel32.dll .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes [E8, 4F, 36] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes [FF, 25, 50, 9F, 3A] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes {JMP QWORD [RIP+0x1cdd64]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes JMP f4896078 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes JMP f4896078 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes {JMP QWORD [RIP+0x1a6d10]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x244648]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes {JMP QWORD [RIP+0x223740]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[1692] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes {JMP QWORD [RIP+0x258b90]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes [E8, 4F, 36] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes [FF, 25, 50, 9F, 3A] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes JMP 3a0043 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes {JMP QWORD [RIP+0x1cdd64]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes {JMP QWORD [RIP+0x1edb70]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes {JMP QWORD [RIP+0x20a440]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes {JMP QWORD [RIP+0x1a6d10]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes JMP 0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2724] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes {JMP QWORD [RIP+0x223740]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2188] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes {JMP QWORD [RIP+0x258b90]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2364] C:\windows\system32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2364] C:\windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2364] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2364] C:\windows\system32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2364] C:\windows\system32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2364] C:\windows\system32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2364] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes [E8, 4F, 36] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2364] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes [FF, 25, 50, 9F, 3A] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2364] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes {JMP QWORD [RIP+0x1cdd64]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2364] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes {JMP QWORD [RIP+0x1edb70]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2364] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes {JMP QWORD [RIP+0x20a440]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2364] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2364] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2364] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes JMP 0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2364] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x244648]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2364] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes {JMP QWORD [RIP+0x223740]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2364] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes {JMP QWORD [RIP+0x258b90]} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[388] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[388] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\system32\KERNEL32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\system32\KERNEL32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\system32\KERNEL32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\system32\KERNEL32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\system32\KERNEL32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\system32\KERNEL32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes [E8, 4F, 36] .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes [FF, 25, 50, 9F, 3A] .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\system32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes {JMP QWORD [RIP+0x1cdd64]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\system32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes {JMP QWORD [RIP+0x1edb70]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\system32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes {JMP QWORD [RIP+0x20a440]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\system32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes JMP 0 .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\system32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\system32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes {JMP QWORD [RIP+0x1a6d10]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\system32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes {JMP QWORD [RIP+0x244648]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\system32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes {JMP QWORD [RIP+0x223740]} .text C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2236] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes {JMP QWORD [RIP+0x258b90]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077ba3250 6 bytes {JMP QWORD [RIP+0x849cde0]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\SYSTEM32\ntdll.dll!NtClose 0000000077bcdaa0 6 bytes {JMP QWORD [RIP+0x8452590]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077bcdb70 6 bytes {JMP QWORD [RIP+0x8c924c0]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077bcdc70 6 bytes {JMP QWORD [RIP+0x8b323c0]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077bcdce0 6 bytes {JMP QWORD [RIP+0x8c12350]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077bcdd20 6 bytes {JMP QWORD [RIP+0x8bd2310]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077bcddc0 6 bytes {JMP QWORD [RIP+0x8c32270]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077bcde30 6 bytes {JMP QWORD [RIP+0x8a32200]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077bcde50 6 bytes {JMP QWORD [RIP+0x8bb21e0]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077bcde90 6 bytes {JMP QWORD [RIP+0x8ab21a0]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077bcdee0 6 bytes {JMP QWORD [RIP+0x8ad2150]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077bcdf00 6 bytes {JMP QWORD [RIP+0x8bf2130]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077bce0f0 6 bytes {JMP QWORD [RIP+0x8cd1f40]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077bce100 6 bytes {JMP QWORD [RIP+0x89f1f30]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077bce200 6 bytes {JMP QWORD [RIP+0x89d1e30]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077bce2d0 6 bytes {JMP QWORD [RIP+0x8b51d60]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077bce310 6 bytes {JMP QWORD [RIP+0x8a51d20]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077bce380 6 bytes {JMP QWORD [RIP+0x8a11cb0]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077bce3b0 6 bytes {JMP QWORD [RIP+0x8a91c80]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077bce410 6 bytes {JMP QWORD [RIP+0x8a71c20]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077bce420 6 bytes {JMP QWORD [RIP+0x8c51c10]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077bce430 6 bytes {JMP QWORD [RIP+0x8cb1c00]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077bce7a0 6 bytes {JMP QWORD [RIP+0x8b71890]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077bce830 6 bytes {JMP QWORD [RIP+0x8c71800]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077bcf0a0 6 bytes {JMP QWORD [RIP+0x8b90f90]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077bcf120 6 bytes {JMP QWORD [RIP+0x8af0f10]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077bcf1a0 6 bytes {JMP QWORD [RIP+0x8b10e90]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\System32\kernel32.dll!CopyFileExW 0000000077a718f0 6 bytes {JMP QWORD [RIP+0x868e740]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\System32\kernel32.dll!CreateProcessInternalW 0000000077a7db10 6 bytes {JMP QWORD [RIP+0x85e2520]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\System32\kernel32.dll!MoveFileWithProgressW 0000000077aef4e0 6 bytes {JMP QWORD [RIP+0x85b0b50]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\System32\kernel32.dll!MoveFileTransactedW 0000000077aef510 6 bytes {JMP QWORD [RIP+0x85f0b20]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\System32\kernel32.dll!MoveFileWithProgressA 0000000077aef6e0 6 bytes {JMP QWORD [RIP+0x8590950]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\System32\kernel32.dll!MoveFileTransactedA 0000000077af54b0 6 bytes {JMP QWORD [RIP+0x85cab80]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\System32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefdc7b022 3 bytes CALL 0 .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\System32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefdc860e0 5 bytes [FF, 25, 50, 9F, 3A] .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\System32\GDI32.dll!DeleteDC 000007fefeaa22cc 6 bytes JMP 0 .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\System32\GDI32.dll!BitBlt 000007fefeaa24c0 6 bytes JMP 0 .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\System32\GDI32.dll!MaskBlt 000007fefeaa5bf0 6 bytes JMP 0 .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\System32\GDI32.dll!CreateDCW 000007fefeaa8398 6 bytes {JMP QWORD [RIP+0xa7c98]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\System32\GDI32.dll!CreateDCA 000007fefeaa89bc 6 bytes {JMP QWORD [RIP+0x87674]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\System32\GDI32.dll!GetPixel 000007fefeaa9320 6 bytes JMP 33006d .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\System32\GDI32.dll!StretchBlt 000007fefeaab9e8 6 bytes JMP 0 .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\System32\GDI32.dll!PlgBlt 000007fefeaac8f0 6 bytes {JMP QWORD [RIP+0x223740]} .text C:\windows\system32\AUDIODG.EXE[3988] C:\windows\System32\ole32.dll!CoCreateInstance 000007fefddf74a0 6 bytes JMP 3b053204 .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077d7fa20 3 bytes JMP 71af000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077d7fa24 2 bytes JMP 71af000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077d7fb68 3 bytes JMP 70c1000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077d7fb6c 2 bytes JMP 70c1000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d7fcf0 3 bytes JMP 70e2000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077d7fcf4 2 bytes JMP 70e2000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077d7fda4 3 bytes JMP 70cd000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077d7fda8 2 bytes JMP 70cd000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077d7fe08 3 bytes JMP 70d3000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077d7fe0c 2 bytes JMP 70d3000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077d7ff00 3 bytes JMP 70ca000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077d7ff04 2 bytes JMP 70ca000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077d7ffb4 3 bytes JMP 70fa000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077d7ffb8 2 bytes JMP 70fa000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077d7ffe4 3 bytes JMP 70d6000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077d7ffe8 2 bytes JMP 70d6000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077d80044 3 bytes JMP 70ee000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077d80048 2 bytes JMP 70ee000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077d800c4 3 bytes JMP 70eb000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077d800c8 2 bytes JMP 70eb000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077d800f4 3 bytes JMP 70d0000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077d800f8 2 bytes JMP 70d0000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077d803f8 3 bytes JMP 70bb000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077d803fc 2 bytes JMP 70bb000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077d80410 3 bytes JMP 7100000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077d80414 2 bytes JMP 7100000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077d80590 3 bytes JMP 7103000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077d80594 2 bytes JMP 7103000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077d806d4 3 bytes JMP 70df000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077d806d8 2 bytes JMP 70df000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077d80734 3 bytes JMP 70f7000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077d80738 2 bytes JMP 70f7000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077d807dc 3 bytes JMP 70fd000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077d807e0 2 bytes JMP 70fd000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077d80824 3 bytes JMP 70f1000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077d80828 2 bytes JMP 70f1000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077d808b4 3 bytes JMP 70f4000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077d808b8 2 bytes JMP 70f4000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077d808cc 3 bytes JMP 70c7000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077d808d0 2 bytes JMP 70c7000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077d808e4 3 bytes JMP 70be000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077d808e8 2 bytes JMP 70be000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077d80e34 3 bytes JMP 70dc000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077d80e38 2 bytes JMP 70dc000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077d80f18 3 bytes JMP 70c4000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077d80f1c 2 bytes JMP 70c4000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077d81c24 3 bytes JMP 70d9000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077d81c28 2 bytes JMP 70d9000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077d81cf4 3 bytes JMP 70e8000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077d81cf8 2 bytes JMP 70e8000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077d81dcc 3 bytes JMP 70e5000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077d81dd0 2 bytes JMP 70e5000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077da3b8c 6 bytes JMP 71a8000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000075da3bab 3 bytes JMP 719c000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000075da3baf 2 bytes JMP 719c000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075da9aa4 6 bytes JMP 7187000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\kernel32.dll!CopyFileExW 0000000075db3b62 6 bytes JMP 717e000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000075dbccd1 6 bytes JMP 718a000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\kernel32.dll!MoveFileTransactedA 0000000075e0dc76 6 bytes JMP 7184000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\kernel32.dll!MoveFileTransactedW 0000000075e0dd19 6 bytes JMP 7181000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075e9f784 6 bytes JMP 719f000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000075ea2ca4 4 bytes CALL 71ac0000 .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!SetWindowLongW 0000000075738342 6 bytes JMP 715d000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!PostThreadMessageW 0000000075738c0f 6 bytes JMP 7151000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!SystemParametersInfoW 00000000757390e3 6 bytes JMP 710c000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!SendMessageW 0000000075739689 6 bytes JMP 714b000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000757397e2 6 bytes JMP 7145000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!SetWinEventHook 000000007573ee19 6 bytes JMP 7163000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!RegisterHotKey 000000007573efd9 3 bytes JMP 7112000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007573efdd 2 bytes JMP 7112000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!PostMessageW 00000000757412b5 6 bytes JMP 7157000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!GetKeyState 000000007574292f 6 bytes JMP 712a000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!SetParent 0000000075742d74 3 bytes JMP 7121000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!SetParent + 4 0000000075742d78 2 bytes JMP 7121000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!EnableWindow 0000000075742db4 6 bytes JMP 7109000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!MoveWindow 00000000757436a8 3 bytes JMP 711e000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!MoveWindow + 4 00000000757436ac 2 bytes JMP 711e000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!PostMessageA 0000000075743bba 6 bytes JMP 715a000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!PostThreadMessageA 0000000075743c71 6 bytes JMP 7154000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!SetWindowLongA 0000000075746120 6 bytes JMP 7160000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!SendMessageA 000000007574613e 6 bytes JMP 714e000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075746c40 6 bytes JMP 710f000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075747613 6 bytes JMP 7166000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075747678 6 bytes JMP 7139000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!SendMessageCallbackW 00000000757476f0 6 bytes JMP 713f000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007574782f 6 bytes JMP 7148000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!SetWindowsHookExA 000000007574836c 6 bytes JMP 7169000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!SetClipboardViewer 000000007574c4c6 3 bytes JMP 711b000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007574c4ca 2 bytes JMP 711b000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007575c122 6 bytes JMP 7136000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007575d109 6 bytes JMP 7133000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!GetAsyncKeyState 000000007575ebb6 6 bytes JMP 7127000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!GetKeyboardState 000000007575ec88 3 bytes JMP 712d000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007575ec8c 2 bytes JMP 712d000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!SendInput 000000007575ff6a 3 bytes JMP 7130000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!SendInput + 4 000000007575ff6e 2 bytes JMP 7130000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000075779fdb 6 bytes JMP 7115000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!ExitWindowsEx 000000007578156b 6 bytes JMP 7106000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!mouse_event 0000000075790343 6 bytes JMP 716c000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!keybd_event 0000000075790387 6 bytes JMP 716f000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075796dc4 6 bytes JMP 7142000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075796e25 6 bytes JMP 713c000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!BlockInput 0000000075797e9f 3 bytes JMP 7118000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!BlockInput + 4 0000000075797ea3 2 bytes JMP 7118000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000757989b3 3 bytes JMP 7124000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000757989b7 2 bytes JMP 7124000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\GDI32.dll!DeleteDC 0000000076aa58b3 6 bytes JMP 718d000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\GDI32.dll!BitBlt 0000000076aa5ea5 6 bytes JMP 717b000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\GDI32.dll!CreateDCA 0000000076aa7ba4 6 bytes JMP 7196000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\GDI32.dll!GetPixel 0000000076aab986 6 bytes JMP 7190000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\GDI32.dll!StretchBlt 0000000076aaba5f 6 bytes JMP 7172000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\GDI32.dll!MaskBlt 0000000076aacc01 6 bytes JMP 7178000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\GDI32.dll!CreateDCW 0000000076aaea03 6 bytes JMP 7193000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\GDI32.dll!PlgBlt 0000000076ad4969 6 bytes JMP 7175000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000765e9d0b 6 bytes JMP 7199000a .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b21401 2 bytes JMP 75dbb21b C:\windows\syswow64\kernel32.dll .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b21419 2 bytes JMP 75dbb346 C:\windows\syswow64\kernel32.dll .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b21431 2 bytes JMP 75e38fd1 C:\windows\syswow64\kernel32.dll .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b2144a 2 bytes CALL 75d9489d C:\windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b214dd 2 bytes JMP 75e388c4 C:\windows\syswow64\kernel32.dll .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b214f5 2 bytes JMP 75e38aa0 C:\windows\syswow64\kernel32.dll .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b2150d 2 bytes JMP 75e387ba C:\windows\syswow64\kernel32.dll .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b21525 2 bytes JMP 75e38b8a C:\windows\syswow64\kernel32.dll .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b2153d 2 bytes JMP 75dafca8 C:\windows\syswow64\kernel32.dll .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b21555 2 bytes JMP 75db68ef C:\windows\syswow64\kernel32.dll .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b2156d 2 bytes JMP 75e39089 C:\windows\syswow64\kernel32.dll .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b21585 2 bytes JMP 75e38bea C:\windows\syswow64\kernel32.dll .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b2159d 2 bytes JMP 75e3877e C:\windows\syswow64\kernel32.dll .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b215b5 2 bytes JMP 75dafd41 C:\windows\syswow64\kernel32.dll .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b215cd 2 bytes JMP 75dbb2dc C:\windows\syswow64\kernel32.dll .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b216b2 2 bytes JMP 75e38f4c C:\windows\syswow64\kernel32.dll .text C:\Users\Ruka\Downloads\ib1vpvvr.exe[5740] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b216bd 2 bytes JMP 75e38713 C:\windows\syswow64\kernel32.dll ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88000ecfe94] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88000ecfc38] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88000ed0614] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88000ed0a10] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff88000ed086c] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs fffffa80064352c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{7A2B8EA2-C23F-4D56-9799-DF9E2B5EAE92} fffffa80067d02c0 Device \Driver\usbohci \Device\USBPDO-5 fffffa80076982c0 Device \Driver\usbehci \Device\USBFDO-3 fffffa80077cf2c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa80077cf2c0 Device \Driver\amd_sata \Device\00000070 fffffa8005a972c0 Device \Driver\amd_sata \Device\RaidPort0 fffffa8005a972c0 Device \Driver\cdrom \Device\CdRom0 fffffa800715b2c0 Device \Driver\amd_sata \Device\0000006f fffffa8005a972c0 Device \Driver\usbehci \Device\USBPDO-6 fffffa80077cf2c0 Device \Driver\usbohci \Device\USBFDO-4 fffffa80076982c0 Device \Driver\usbohci \Device\USBPDO-2 fffffa80076982c0 Device \Driver\usbohci \Device\USBFDO-0 fffffa80076982c0 Device \Driver\usbohci \Device\USBFDO-5 fffffa80076982c0 Device \Driver\usbehci \Device\USBPDO-3 fffffa80077cf2c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa80077cf2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{00242B74-FF82-47E5-B7EC-98E644730E0B} fffffa80067d02c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80067d02c0 Device \Driver\usbehci \Device\USBFDO-6 fffffa80077cf2c0 Device \Driver\usbohci \Device\USBPDO-4 fffffa80076982c0 Device \Driver\usbohci \Device\USBFDO-2 fffffa80076982c0 Device \Driver\amd_sata \Device\ScsiPort0 fffffa8005a972c0 Device \Driver\usbohci \Device\USBPDO-0 fffffa80076982c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8005a992c0]<< sptd.sys amd_xata.sys storport.sys hal.dll amd_sata.sys fffffa8005a992c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80066a7060] fffffa80066a7060 Trace 3 CLASSPNP.SYS[fffff880013d143f] -> nt!IofCallDriver -> [0xfffffa800653d040] fffffa800653d040 Trace \Driver\amd_xata[0xfffffa8006528af0] -> IRP_MJ_CREATE -> 0xfffffa8005a992c0 fffffa8005a992c0 Trace 5 amd_xata.sys[fffff880011c9b3f] -> nt!IofCallDriver -> \Device\0000006f[0xfffffa80065399c0] fffffa80065399c0 Trace \Driver\amd_sata[0xfffffa8006528060] -> IRP_MJ_CREATE -> 0xfffffa8005a972c0 fffffa8005a972c0 ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2188:3952] 000007fefbb22af8 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2188:4948] 000007feef9a5648 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2188:3948] 000007feef9a5648 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002454f44829 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e8039a8d7137 Reg HKLM\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC0 0xFE 0xC7 0x3C ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002454f44829 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e8039a8d7137 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\cmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\cmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\cmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC0 0xFE 0xC7 0x3C ... Reg HKLM\SYSTEM\Software\Comodo\Cam@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\Software\Comodo\Firewall Pro@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- Files - GMER 2.1 ---- File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\342A920F7C9D4D59913006D5FFF646C4A144B85A 2274 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\0D7BEFD95D5A58FB86C08948DDF18C093E05F778 2853 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\3EADFD5FFBB5FAD77A207A09DA01B95610F119EA 776 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\68FA867E11BF2F6B4BA45F91B28B75039F41BCEB 9792 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\9591607AB2A47E0AD1B771E5B69826872D2348F7 15252 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\95FE5317244E606472789C9C4B27C73CB9CFD19F 4218 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\9ADEBCD916EE19CD52B45E534F2543387FD2E100 13074 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\3184D18B9D623951B89DFEA1718F632B88F2B10A 846 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\82E31CA6E996F0010F72950D576FF7B9057AF6B5 2406 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\0BDEE929A31B8E5CCB6BFF41821093A721F55821 2367 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\65502752E1D96D08C166AEA3E63E9FEC73E3B8AA 15908 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\D11470999CA79E080BB11574E91CE3C71D99C3A9 2394 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\BD79A6BFC32C71772DCCC0F3373725767C3A01F1 3278 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\CA12625B99CBBAED0FB3EE54201B74652B6E0475 2350 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\0FC6A8F10BA7BA72389CA1F57FDE9393E24F662F 2400 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\5C7611255E7B5729F02A78F09369BA15FC4E7976 734 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\058BB29C920F2A11BCB94BC2D153B2243F55B136 608 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\910B90D9CE0F2C81CFF26935A7490589364EC499 2349 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\43C06834E12708D3565836B052481779DDA57248 3678 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\05FA95E64832480363E47E9C0EBF54B838C8A1C9 2399 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\81CDD119857952F70B6571C717596783F01C749A 2264 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\3227CCD7B70D3FD1812ECE51CA05075D7E70B230 2272 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\A80C61D5A8959449E5DD1D4C6AB642F303040588 2374 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\C0FB133CF68D7A40BC20C827D26A30B7BE1D67B4 70358 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\1F5A6D336E1C8CEF7379D196B60B85D273C2ADF2 1183 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\E2BB50658B12A48F50EDA38A3A3DAC50B326EF82 608 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\E2BFDA1CF17CEB06B6891A1C26A6C2E10C4A9F24 4258 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\5B35EA995090350103157160A4FC8C44F110C3AA 3684 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\61F0300E234994EBAC5EA9A65C52F37767777C57 2405 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\F96C7E358A14BAF804F3B487A5564167A32AC650 967 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\037F035145CBBED71ADB8A848592FDA945C74D76 4037 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\24D1524179250ECF922F93C171E2E7A7BE4BC5DB 7345 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\0AFE68B0B7630566C4F798943717EF44E61E9851 463 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\4FED03A3C4C005789BB21051D79AA6E190352231 2965 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\609164E493F71D1922D12240A5D2C3282A587715 2025 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\EE6708224F7CAC05C5EE8E65D38B929C89BA4FC4 22369 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\491FD61DF5044347D8BEFEB7F5E7DB91668E83C4 2374 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\99E37A445D2AF201D99162B0FEC9B3FEC06DAE08 5889 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\673E181F41FD9FDB021B7757E39FD6B46CF818B7 3726 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\D250869666FD54A835A1E886250F482C8582D534 2361 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\F6AB37CDF4B35ADDE2EE739FC08A2C933F9853E4 1582 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\D82A083753E80DCFADB775E3005A2A8C4591989D 641 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\71FFF95BF045B3C63541A75D78BB5119BD11BB35 2326 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\DA64AC558CB4CDECC6669A1B53898FE7738F2AED 8750 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\DD8982614D11E8EECB44DD4248681705CA579C06 3260 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\22DE4832435EA6A9FA29C2C1A68B599A0CFC59EB 4178 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\34FE12E236658BE18B8C771D73CD48F98EF8C9A6 2264 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\A544DA9B17398896C83E0F48030B9617D6EE1394 3639 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\72EB1070909133D79CED3B5C0FD1F89CC1C61BAF 2317 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\94EC51990C9AD19EF52A8913AA079E5F1380B136 44071 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\0DF4F5D7784B1A5D0E73A8EC226DE91F26FD0EE9 71240 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\4C19B302BEB0958804A655CDC3C98C08355840BF 10654 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\0DB2E2D5E7973D4D41293ADFF5448F8A467912B4 3683 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\D8173515DE0966FD5DF6DE2D38EED1C77129AF4A 5423 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\C042FE7B3DA6C4657C5E7B9B3770B9173F3D4403 2303 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\DADAF3E3E886A090BDE281A523D8A7C9E2E07AB9 18549 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\6EE5FB55D09AAEB6684DB6C430766BA237CACDE9 25686 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\DC225538A6C7922173A2B738654892C478554DF7 26564 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\2E44F00EFB4C123A8B5207F3B25BB5705DC56448 897 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\08515B983D375F4588B5FED828A36443A496CA76 2025 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\BCD1C540587A2C34CF6F842441BD4D8667C78EFB 19124 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\11D71C380AF3F3957443BA29FDA377E232B4E04D 67228 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\54C02E7044A6AD1807957A49DBD456B3EB2096FA 2353 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\66D4030A62C3F2C86DF85BE3D6F7D75DA1BE1DF3 2376 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\C4A4580068625CAC0EA106A6D07CD3660BF4D0E8 3681 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\4AD66F742D56675A8DA2820B901DCB5A9C7B7B9C 2301 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\1281C1B8B3D394D030579F6D2604A79B4D8A1C86 2307 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\9AA3DD89E47F227DD3AAD0655E61AC0B3C7398DD 2319 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\673596137227C54E5BA75A347C180E741722C9C7 2264 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\7240DFB1081CF0B5504C8492E8714EAC2AB12CF3 6362 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\C22206A0802902A02D6441736FF551D885C23699 2264 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\C7A7AD949EB6799945B5537C450E707D283250A7 20950 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\2AAC52B048B6E71B9448C954907505A149D0CCFE 899 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\73ACDBCAC26B20E4024113C8FB292A619C2C4858 4334 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\F66D720EFACDC2B4E3407EB5C8C00AC6D0CE9240 3684 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\F66FEA7FBB7B2559C40582AC3165C5DE803F0F0D 36448 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\8E15C3FE8E3DA59F265C4ABADB567543A8A0CDD8 2366 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\D15CC9F3E18E4CA1C0433885F40E61CDC26619BA 24880 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\CFE564BAFFE8D69C7F3B00A5985D457277BD4200 2264 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\2D9544B0859EFC0D8B660D2E9FA4C41722916C7C 9157 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\87B858EA25A785EA8BC1D50F0C67751EA1970B98 71349 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\E83FBD3AFEE6C70300151FC853DD1D5484C052BB 896 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\E09F4D2FC0453CAEAACDA1D5D5B26B4E3D58107D 16617 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\89713CF9A8F4C7AAC4147FADA197D77AC09217F5 898 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\F64B25E8786ABC295F4F328EF43F95CBE3E10CEF 2400 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\0B691117B3D78119A3334FE45CE1EF6CE94968A3 899 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\CA3F1FA673B9F02CBBE2F5AE922C028E246D52C6 2184 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\8D1672A5709E13B177A8BB9C67CE78926393C3FB 40366 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\ED272B20E020A1E43214B7487DBF23D5D8A2C7F2 2399 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\55FEDC11E71248CE474530DDEA32154983AA7DBF 2315 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\DF01B3864C5742BB7AF8D982AC39ECBBE52765F9 57982 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\8046F46A22849BE748DBB76ADEF2A5184A6DEAD7 3627 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\59DD980DC32D9FF362C49C814E2188CB254926E3 4323 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\4AB8355D6B0FE98DF8092EB040AE34DC50DF862B 3680 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\C963B46AB19691832BB358941A65E0A7262A3B36 570 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\7A68E0C466C24B3D182CAC9F1114B8B5F820C8AE 2299 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\6B1B0A7B21A85C2BA728B5F14893710F14CFDB1F 55627 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\8255B12E3103CFBA72AE051E19BD6F55D3F0864A 3027 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\81EC3DB4A77D9E0712C6F05039332F9D5A95A435 622 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\903F7EEE75A981B8CE95031B7E9C2DD39B03E231 6251 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\2BC796D114FF33DF108739183B7DC1A0874E8B76 58224 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\2BC98B130CA3EA038976E57D38B39B7BF67938EA 901 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\CD73D1AD18FE0F2B6D886B1B2489C6D519C61D16 899 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\B4F02C35B49ED5D762400BC2FA7ACA9AD2252D61 634 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\454E3CA4BE583480DA9C2D269EB5222E51468265 2392 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\02E59495661A657844FEBB9121E68FE3931ABDA6 21882 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\6AF3125F18F42C8AD65C146A01FA7C80358C0DF4 2379 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\75F5CCA81EC0B61877903BEF7007D0B2A7CB4D3B 934 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\B7BD8A79D458BC0C2EAFC8EEC679598D7873CAEE 147236 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\D62E91FFEF837006890D978F0D144447B2A1D353 864 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\B8AB8FB6F48F0F4E344F3949FB847A853DC406E1 3784 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\D7DD21A8C145FD32AD2B4D6900A561916B53A6C6 51659 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\8557187E9B62E54291D8A6924515E5D1EEAB07A4 1279 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\AD519DC75F9F3542334C500313BD31C0EF77D0F2 3188 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\ED319B04481701D8199DBE27739BFBC69171F4A4 2351 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\B986D7D889AE3A3B48EAED1F503D18C17A4EF24C 777 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\CE225E47EF9CB49FAED32BF9246A8387C8291746 1593 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\D23A2338A6788C1615DB097850471F33CAFCB0AB 74475 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\F7814D07F1FBD5B50B7643C1F56137E8EA5B1DC9 969 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\9D123EE7D4E8E9EA0037E2C2829BECE0CCE67F62 1174 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\9D145D18914E1C66580B32D85925626B03CEA098 614 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\24F5DF956A39A41376C59F688354603557BFD651 977 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\71B4C98EE4F3A71033D3673C7A1E57BE527568A4 23148 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\DB5B13E000DCB733090FF33693161E7F0AE1833B 40701 bytes File C:\Users\Ruka\AppData\Local\Mozilla\Firefox\Profiles\vsjqfmzs.default\cache2\entries\D6D770FDBF258BA5D61A8D4DC9335F0CD88C3812 296 bytes ---- EOF - GMER 2.1 ----