GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-01-06 12:56:13 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Scsi\mv91xx1Port2Path0Target1Lun0 OCZ-AGIL rev.2.08 55,90GB Running: gmer.exe; Driver: C:\Users\GuiDesign\AppData\Local\Temp\uwlyipob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778edc80 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ede80 1 byte JMP 000000016fff0110 .text C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000778ede82 6 bytes {JMP 0xfffffffff8702290} .text C:\Windows\system32\csrss.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 8 bytes JMP 000000016fff0148 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000778edc80 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000778ede80 1 byte JMP 000000016fff0110 .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 2 00000000778ede82 6 bytes {JMP 0xfffffffff8702290} .text C:\Windows\system32\csrss.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 8 bytes JMP 000000016fff0148 .text C:\Windows\system32\services.exe[792] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Windows\system32\services.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Windows\system32\services.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Windows\system32\services.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Windows\system32\services.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Windows\system32\services.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Windows\system32\services.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Windows\system32\services.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Windows\system32\services.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Windows\system32\services.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Windows\system32\services.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Windows\system32\services.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Windows\system32\services.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Windows\system32\services.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Windows\system32\services.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Windows\system32\services.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Windows\system32\services.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Windows\system32\services.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Windows\system32\services.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Windows\system32\services.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Windows\system32\services.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Windows\system32\services.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Windows\system32\services.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Windows\system32\services.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Windows\system32\services.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Windows\system32\services.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Windows\system32\services.exe[792] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\services.exe[792] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\services.exe[792] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefe033e80 6 bytes {JMP QWORD [RIP+0x10c1b0]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\SspiCli.dll!EncryptMessage 000007fefd4650a0 6 bytes {JMP QWORD [RIP+0x4af90]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000077686ef0 6 bytes {JMP QWORD [RIP+0x8d19140]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!SystemParametersInfoA 0000000077688184 6 bytes {JMP QWORD [RIP+0x8df7eac]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!SetParent 0000000077688530 6 bytes {JMP QWORD [RIP+0x8d37b00]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077689bcc 6 bytes {JMP QWORD [RIP+0x8a96464]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!PostMessageA 000000007768a404 6 bytes {JMP QWORD [RIP+0x8ad5c2c]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!EnableWindow 000000007768aaa0 6 bytes {JMP QWORD [RIP+0x8e35590]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!MoveWindow 000000007768aad0 6 bytes {JMP QWORD [RIP+0x8d55560]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!GetAsyncKeyState 000000007768c720 6 bytes {JMP QWORD [RIP+0x8cf3910]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!RegisterHotKey 000000007768cd50 6 bytes {JMP QWORD [RIP+0x8dd32e0]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007768d2b0 6 bytes {JMP QWORD [RIP+0x8b12d80]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!SendMessageA 000000007768d338 6 bytes {JMP QWORD [RIP+0x8b52cf8]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007768dc40 6 bytes {JMP QWORD [RIP+0x8c323f0]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!SystemParametersInfoW 000000007768f510 6 bytes {JMP QWORD [RIP+0x8e10b20]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007768f874 6 bytes {JMP QWORD [RIP+0x8a507bc]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007768fac0 6 bytes {JMP QWORD [RIP+0x8bb0570]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077690b74 6 bytes {JMP QWORD [RIP+0x8b2f4bc]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!SetWindowLongW 00000000776933b0 6 bytes {JMP QWORD [RIP+0x8aacc80]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!SetWinEventHook + 1 0000000077694d4d 5 bytes {JMP QWORD [RIP+0x8a6b2e4]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!GetKeyState 0000000077695010 6 bytes {JMP QWORD [RIP+0x8ccb020]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!SendMessageCallbackW 0000000077695438 6 bytes {JMP QWORD [RIP+0x8beabf8]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!SendMessageW 0000000077696b50 6 bytes {JMP QWORD [RIP+0x8b694e0]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!PostMessageW 00000000776976e4 6 bytes {JMP QWORD [RIP+0x8ae894c]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 000000007769dd90 6 bytes {JMP QWORD [RIP+0x8c622a0]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!GetClipboardData 000000007769e874 6 bytes {JMP QWORD [RIP+0x8da17bc]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!SetClipboardViewer 000000007769f780 6 bytes {JMP QWORD [RIP+0x8d608b0]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000776a28e4 6 bytes {JMP QWORD [RIP+0x8bfd74c]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!mouse_event 00000000776a3894 6 bytes {JMP QWORD [RIP+0x89fc79c]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!GetKeyboardState 00000000776a8a10 6 bytes {JMP QWORD [RIP+0x8c97620]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 00000000776a8be0 6 bytes {JMP QWORD [RIP+0x8b77450]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!SetWindowsHookExA 00000000776a8c20 6 bytes {JMP QWORD [RIP+0x8a17410]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!SendInput 00000000776a8cd0 6 bytes {JMP QWORD [RIP+0x8c77360]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!BlockInput 00000000776aad60 6 bytes {JMP QWORD [RIP+0x8d752d0]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!ExitWindowsEx 00000000776d14e0 6 bytes {JMP QWORD [RIP+0x8e0eb50]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!keybd_event 00000000776f45a4 6 bytes {JMP QWORD [RIP+0x898ba8c]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 00000000776fcc08 6 bytes {JMP QWORD [RIP+0x8be3428]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\USER32.dll!SendMessageCallbackA 00000000776fdf18 6 bytes {JMP QWORD [RIP+0x8b62118]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes JMP 0 .text C:\Windows\system32\services.exe[792] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes JMP 0 .text C:\Windows\system32\services.exe[792] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text C:\Windows\system32\services.exe[792] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes JMP 0 .text C:\Windows\system32\services.exe[792] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes JMP 0 .text C:\Windows\system32\lsass.exe[808] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\lsass.exe[808] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes CALL 1200 .text C:\Windows\system32\lsass.exe[808] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes JMP 4d0044 .text C:\Windows\system32\lsass.exe[808] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes JMP 0 .text C:\Windows\system32\lsass.exe[808] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text C:\Windows\system32\lsass.exe[808] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes JMP 61006b .text C:\Windows\system32\lsass.exe[808] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes JMP 8fa7 .text C:\Windows\system32\lsass.exe[808] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes JMP 0 .text C:\Windows\system32\lsass.exe[808] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes JMP 0 .text C:\Windows\system32\lsass.exe[808] C:\Windows\system32\SspiCli.dll!EncryptMessage 000007fefd4650a0 6 bytes {JMP QWORD [RIP+0x4af90]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\lsm.exe[816] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\lsm.exe[816] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes JMP 0 .text C:\Windows\system32\lsm.exe[816] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes JMP 0 .text C:\Windows\system32\lsm.exe[816] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes JMP 0 .text C:\Windows\system32\lsm.exe[816] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes JMP 0 .text C:\Windows\system32\lsm.exe[816] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes JMP 0 .text C:\Windows\system32\lsm.exe[816] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x194648]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes {JMP QWORD [RIP+0x173760]} .text C:\Windows\system32\lsm.exe[816] C:\Windows\system32\SSPICLI.DLL!EncryptMessage 000007fefd4650a0 6 bytes {JMP QWORD [RIP+0x4af90]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefe033e80 6 bytes {JMP QWORD [RIP+0x10c1b0]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x13db70]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes {JMP QWORD [RIP+0x15a440]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x194648]} .text C:\Windows\system32\svchost.exe[960] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes {JMP QWORD [RIP+0x173760]} .text C:\Windows\system32\svchost.exe[960] c:\windows\system32\SspiCli.dll!EncryptMessage 000007fefd4650a0 6 bytes {JMP QWORD [RIP+0x4af90]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\system32\kernel32.dll!UnhandledExceptionFilter + 1 000000007781b861 11 bytes [B8, F0, 12, 41, 01, 00, 00, ...] .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 21] .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 1C] .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x12dd64]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x55db70]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes JMP 0 .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xe7ca8]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0xc7668]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 4 bytes [FF, 25, FC, 6C] .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\system32\GDI32.dll!GetPixel + 5 000007feff389339 1 byte [00] .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x5b4648]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes {JMP QWORD [RIP+0x593760]} .text C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[1012] C:\Windows\system32\SSPICLI.DLL!EncryptMessage 000007fefd4650a0 6 bytes JMP 9b3 .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a9f9dc 3 bytes JMP 71af000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077a9f9e0 2 bytes JMP 71af000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a9fb24 3 bytes JMP 70d0000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077a9fb28 2 bytes JMP 70d0000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a9fcac 3 bytes JMP 70f1000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077a9fcb0 2 bytes JMP 70f1000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a9fd60 3 bytes JMP 70dc000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077a9fd64 2 bytes JMP 70dc000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a9fdc4 3 bytes JMP 70e2000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077a9fdc8 2 bytes JMP 70e2000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077a9febc 3 bytes JMP 70d9000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077a9fec0 2 bytes JMP 70d9000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077a9ff70 3 bytes JMP 7109000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077a9ff74 2 bytes JMP 7109000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a9ffa0 3 bytes JMP 70e5000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077a9ffa4 2 bytes JMP 70e5000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077aa0000 3 bytes JMP 70fd000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077aa0004 2 bytes JMP 70fd000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077aa0080 3 bytes JMP 70fa000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077aa0084 2 bytes JMP 70fa000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077aa00b0 3 bytes JMP 70df000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077aa00b4 2 bytes JMP 70df000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077aa03b4 3 bytes JMP 70ca000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077aa03b8 2 bytes JMP 70ca000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077aa03cc 3 bytes JMP 710f000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077aa03d0 2 bytes JMP 710f000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa054c 3 bytes JMP 7112000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077aa0550 2 bytes JMP 7112000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077aa0690 3 bytes JMP 70ee000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077aa0694 2 bytes JMP 70ee000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077aa06f0 3 bytes JMP 7106000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077aa06f4 2 bytes JMP 7106000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077aa0798 3 bytes JMP 710c000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077aa079c 2 bytes JMP 710c000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077aa07e0 3 bytes JMP 7100000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077aa07e4 2 bytes JMP 7100000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077aa0870 3 bytes JMP 7103000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077aa0874 2 bytes JMP 7103000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077aa0888 3 bytes JMP 70d6000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077aa088c 2 bytes JMP 70d6000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077aa08a0 3 bytes JMP 70cd000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077aa08a4 2 bytes JMP 70cd000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077aa0df0 3 bytes JMP 70eb000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077aa0df4 2 bytes JMP 70eb000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077aa0ed4 3 bytes JMP 70d3000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077aa0ed8 2 bytes JMP 70d3000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077aa1be0 3 bytes JMP 70e8000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077aa1be4 2 bytes JMP 70e8000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077aa1cb0 3 bytes JMP 70f7000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077aa1cb4 2 bytes JMP 70f7000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077aa1d88 3 bytes JMP 70f4000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077aa1d8c 2 bytes JMP 70f4000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077ac3b9b 6 bytes JMP 71a8000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076013b93 3 bytes JMP 719c000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076013b97 2 bytes JMP 719c000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000761af784 6 bytes JMP 719f000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000761b2c9e 4 bytes CALL 71ac0000 .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 000000007543124e 6 bytes JMP 718d000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075898332 6 bytes JMP 716c000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075898bff 6 bytes JMP 7160000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000758990d3 6 bytes JMP 711b000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075899679 6 bytes JMP 715a000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000758997d2 6 bytes JMP 7154000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007589ee09 6 bytes JMP 7172000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007589efc9 3 bytes JMP 7121000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007589efcd 2 bytes JMP 7121000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758a12a5 6 bytes JMP 7166000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000758a291f 6 bytes JMP 7139000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!SetParent 00000000758a2d64 3 bytes JMP 7130000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!SetParent + 4 00000000758a2d68 2 bytes JMP 7130000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000758a2da4 6 bytes JMP 7118000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000758a3698 3 bytes JMP 712d000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000758a369c 2 bytes JMP 712d000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758a3baa 6 bytes JMP 7169000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 00000000758a3c61 6 bytes JMP 7163000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000758a6110 6 bytes JMP 716f000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000758a612e 6 bytes JMP 715d000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000758a6c30 6 bytes JMP 711e000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758a7603 6 bytes JMP 7175000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000758a7668 6 bytes JMP 7148000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000758a76e0 6 bytes JMP 714e000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000758a781f 6 bytes JMP 7157000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758a835c 6 bytes JMP 7178000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000758ac4b6 3 bytes JMP 712a000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 00000000758ac4ba 2 bytes JMP 712a000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 00000000758bc112 6 bytes JMP 7145000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 00000000758bd0f5 6 bytes JMP 7142000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000758beb96 6 bytes JMP 7136000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000758bec68 3 bytes JMP 713c000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000758bec6c 2 bytes JMP 713c000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!SendInput 00000000758bff4a 3 bytes JMP 713f000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000758bff4e 2 bytes JMP 713f000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000758d9f1d 6 bytes JMP 7124000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000758e1497 6 bytes JMP 7115000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758f027b 6 bytes JMP 717b000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758f02bf 6 bytes JMP 717e000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000758f6cfc 6 bytes JMP 7151000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000758f6d5d 6 bytes JMP 714b000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!BlockInput 00000000758f7dd7 3 bytes JMP 7127000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000758f7ddb 2 bytes JMP 7127000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000758f88eb 3 bytes JMP 7133000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000758f88ef 2 bytes JMP 7133000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075f758b3 6 bytes JMP 7190000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075f75ea6 6 bytes JMP 718a000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075f77bcc 6 bytes JMP 7199000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075f7b895 6 bytes JMP 7181000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075f7c332 6 bytes JMP 7187000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075f7cbfb 6 bytes JMP 7193000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075f7e743 6 bytes JMP 7196000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075fa4857 6 bytes JMP 7184000a .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076901401 2 bytes JMP 7602b1ef C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076901419 2 bytes JMP 7602b31a C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076901431 2 bytes JMP 760a8f09 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007690144a 2 bytes CALL 76004885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769014dd 2 bytes JMP 760a8802 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769014f5 2 bytes JMP 760a89d8 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007690150d 2 bytes JMP 760a86f8 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076901525 2 bytes JMP 760a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007690153d 2 bytes JMP 7601fc78 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076901555 2 bytes JMP 760268bf C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007690156d 2 bytes JMP 760a8fc1 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076901585 2 bytes JMP 760a8b22 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007690159d 2 bytes JMP 760a86bc C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769015b5 2 bytes JMP 7601fd11 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769015cd 2 bytes JMP 7602b2b0 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769016b2 2 bytes JMP 760a8e84 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe[1216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769016bd 2 bytes JMP 760a8651 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\svchost.exe[1252] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\svchost.exe[1252] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefe033e80 6 bytes {JMP QWORD [RIP+0x10c1b0]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x13db70]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes {JMP QWORD [RIP+0x15a440]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x194648]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes {JMP QWORD [RIP+0x173760]} .text C:\Windows\system32\svchost.exe[1252] C:\Windows\system32\SSPICLI.DLL!EncryptMessage 000007fefd4650a0 6 bytes {JMP QWORD [RIP+0x4af90]} .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000778edd50 8 bytes JMP 000000016fff00d8 .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 8 bytes JMP 000000016fff0110 .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x13db70]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes {JMP QWORD [RIP+0x15a440]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x194648]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes {JMP QWORD [RIP+0x173760]} .text C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\SspiCli.dll!EncryptMessage 000007fefd4650a0 6 bytes {JMP QWORD [RIP+0x4af90]} .text C:\Windows\system32\atiesrxx.exe[1508] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Windows\system32\atiesrxx.exe[1508] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\atiesrxx.exe[1508] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\atiesrxx.exe[1508] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text C:\Windows\system32\atiesrxx.exe[1508] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x13db70]} .text C:\Windows\system32\atiesrxx.exe[1508] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes {JMP QWORD [RIP+0x36a440]} .text C:\Windows\system32\atiesrxx.exe[1508] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text C:\Windows\system32\atiesrxx.exe[1508] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Windows\system32\atiesrxx.exe[1508] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text C:\Windows\system32\atiesrxx.exe[1508] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x554648]} .text C:\Windows\system32\atiesrxx.exe[1508] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\System32\svchost.exe[1552] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Windows\System32\svchost.exe[1552] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[1552] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[1552] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[1552] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Windows\System32\svchost.exe[1552] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[1552] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[1552] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[1552] C:\Windows\System32\SSPICLI.DLL!EncryptMessage 000007fefd4650a0 6 bytes {JMP QWORD [RIP+0x6af90]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\System32\svchost.exe[1592] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Windows\System32\svchost.exe[1592] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes JMP 4d0044 .text C:\Windows\System32\svchost.exe[1592] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes {JMP QWORD [RIP+0x15a440]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[1592] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes JMP 8fa7 .text C:\Windows\System32\svchost.exe[1592] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x194648]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes {JMP QWORD [RIP+0x173760]} .text C:\Windows\System32\svchost.exe[1592] C:\Windows\System32\SspiCli.dll!EncryptMessage 000007fefd4650a0 6 bytes {JMP QWORD [RIP+0x4af90]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes JMP 450036 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes JMP 15a430 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes JMP aab .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes JMP 2c294a8 .text C:\Windows\system32\svchost.exe[1624] C:\Windows\system32\SSPICLI.DLL!EncryptMessage 000007fefd4650a0 6 bytes {JMP QWORD [RIP+0x4af90]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\svchost.exe[1664] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\svchost.exe[1664] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefe033e80 6 bytes {JMP QWORD [RIP+0x10c1b0]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x13db70]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes {JMP QWORD [RIP+0x15a440]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x194648]} .text C:\Windows\system32\svchost.exe[1664] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1664] C:\Windows\system32\SSPICLI.DLL!EncryptMessage 000007fefd4650a0 6 bytes {JMP QWORD [RIP+0x4af90]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\System32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\System32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\System32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\System32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\System32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x13db70]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\System32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes JMP 0 .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\System32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\System32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\System32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\System32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x554648]} .text C:\Windows\system32\AUDIODG.EXE[1720] C:\Windows\System32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes JMP ffffffff .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x13db70]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes {JMP QWORD [RIP+0x36a440]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x554648]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes {JMP QWORD [RIP+0x383760]} .text C:\Windows\system32\atieclxx.exe[1792] C:\Windows\system32\SspiCli.dll!EncryptMessage 000007fefd4650a0 6 bytes {JMP QWORD [RIP+0x4af90]} .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a9f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077a9f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a9fb24 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077a9fb28 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a9fcac 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077a9fcb0 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a9fd60 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077a9fd64 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a9fdc4 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077a9fdc8 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077a9febc 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077a9fec0 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077a9ff70 3 bytes JMP 7109000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077a9ff74 2 bytes JMP 7109000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a9ffa0 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077a9ffa4 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077aa0000 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077aa0004 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077aa0080 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077aa0084 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077aa00b0 3 bytes JMP 70df000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077aa00b4 2 bytes JMP 70df000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077aa03b4 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077aa03b8 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077aa03cc 3 bytes JMP 710f000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077aa03d0 2 bytes JMP 710f000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa054c 3 bytes JMP 7112000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077aa0550 2 bytes JMP 7112000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077aa0690 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077aa0694 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077aa06f0 3 bytes JMP 7106000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077aa06f4 2 bytes JMP 7106000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077aa0798 3 bytes JMP 710c000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077aa079c 2 bytes JMP 710c000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077aa07e0 3 bytes JMP 7100000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077aa07e4 2 bytes JMP 7100000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077aa0870 3 bytes JMP 7103000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077aa0874 2 bytes JMP 7103000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077aa0888 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077aa088c 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077aa08a0 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077aa08a4 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077aa0df0 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077aa0df4 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077aa0ed4 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077aa0ed8 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077aa1be0 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077aa1be4 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077aa1cb0 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077aa1cb4 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077aa1d88 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077aa1d8c 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077ac3b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076013b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076013b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000761af784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000761b2c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 000000007543124e 6 bytes JMP 718d000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075898332 6 bytes JMP 716c000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075898bff 6 bytes JMP 7160000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000758990d3 6 bytes JMP 711b000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075899679 6 bytes JMP 715a000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000758997d2 6 bytes JMP 7154000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007589ee09 6 bytes JMP 7172000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007589efc9 3 bytes JMP 7121000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007589efcd 2 bytes JMP 7121000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758a12a5 6 bytes JMP 7166000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000758a291f 6 bytes JMP 7139000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!SetParent 00000000758a2d64 3 bytes JMP 7130000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!SetParent + 4 00000000758a2d68 2 bytes JMP 7130000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000758a2da4 6 bytes JMP 7118000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000758a3698 3 bytes JMP 712d000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000758a369c 2 bytes JMP 712d000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758a3baa 6 bytes JMP 7169000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 00000000758a3c61 6 bytes JMP 7163000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000758a6110 6 bytes JMP 716f000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000758a612e 6 bytes JMP 715d000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000758a6c30 6 bytes JMP 711e000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758a7603 6 bytes JMP 7175000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000758a7668 6 bytes JMP 7148000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000758a76e0 6 bytes JMP 714e000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000758a781f 6 bytes JMP 7157000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758a835c 6 bytes JMP 7178000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000758ac4b6 3 bytes JMP 712a000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 00000000758ac4ba 2 bytes JMP 712a000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 00000000758bc112 6 bytes JMP 7145000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 00000000758bd0f5 6 bytes JMP 7142000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000758beb96 6 bytes JMP 7136000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000758bec68 3 bytes JMP 713c000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000758bec6c 2 bytes JMP 713c000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!SendInput 00000000758bff4a 3 bytes JMP 713f000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000758bff4e 2 bytes JMP 713f000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000758d9f1d 6 bytes JMP 7124000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000758e1497 6 bytes JMP 7115000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758f027b 6 bytes JMP 717b000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758f02bf 6 bytes JMP 717e000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000758f6cfc 6 bytes JMP 7151000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000758f6d5d 6 bytes JMP 714b000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!BlockInput 00000000758f7dd7 3 bytes JMP 7127000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000758f7ddb 2 bytes JMP 7127000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000758f88eb 3 bytes JMP 7133000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000758f88ef 2 bytes JMP 7133000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075f758b3 6 bytes JMP 7190000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075f75ea6 6 bytes JMP 718a000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075f77bcc 6 bytes JMP 7199000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075f7b895 6 bytes JMP 7181000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075f7c332 6 bytes JMP 7187000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075f7cbfb 6 bytes JMP 7193000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075f7e743 6 bytes JMP 7196000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075fa4857 6 bytes JMP 7184000a .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076901401 2 bytes JMP 7602b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076901419 2 bytes JMP 7602b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076901431 2 bytes JMP 760a8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007690144a 2 bytes CALL 76004885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769014dd 2 bytes JMP 760a8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769014f5 2 bytes JMP 760a89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007690150d 2 bytes JMP 760a86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076901525 2 bytes JMP 760a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007690153d 2 bytes JMP 7601fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076901555 2 bytes JMP 760268bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007690156d 2 bytes JMP 760a8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076901585 2 bytes JMP 760a8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007690159d 2 bytes JMP 760a86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769015b5 2 bytes JMP 7601fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769015cd 2 bytes JMP 7602b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769016b2 2 bytes JMP 760a8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769016bd 2 bytes JMP 760a8651 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x13db70]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes {JMP QWORD [RIP+0x36a440]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x554648]} .text C:\Windows\system32\Dwm.exe[1816] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes {JMP QWORD [RIP+0x383760]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes JMP 0 .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes JMP 0 .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes {JMP QWORD [RIP+0x36a440]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes JMP 720065 .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x554648]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes {JMP QWORD [RIP+0x383760]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000077686ef0 6 bytes {JMP QWORD [RIP+0x8d19140]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!SystemParametersInfoA 0000000077688184 6 bytes {JMP QWORD [RIP+0x8df7eac]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!SetParent 0000000077688530 6 bytes {JMP QWORD [RIP+0x8d37b00]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077689bcc 6 bytes {JMP QWORD [RIP+0x8a96464]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!PostMessageA 000000007768a404 6 bytes {JMP QWORD [RIP+0x8ad5c2c]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!EnableWindow 000000007768aaa0 6 bytes {JMP QWORD [RIP+0x8e35590]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!MoveWindow 000000007768aad0 6 bytes {JMP QWORD [RIP+0x8d55560]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!GetAsyncKeyState 000000007768c720 6 bytes {JMP QWORD [RIP+0x8cf3910]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!RegisterHotKey 000000007768cd50 6 bytes {JMP QWORD [RIP+0x8dd32e0]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007768d2b0 6 bytes {JMP QWORD [RIP+0x8b12d80]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!SendMessageA 000000007768d338 6 bytes {JMP QWORD [RIP+0x8b52cf8]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007768dc40 6 bytes {JMP QWORD [RIP+0x8c323f0]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!SystemParametersInfoW 000000007768f510 6 bytes {JMP QWORD [RIP+0x8e10b20]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007768f874 6 bytes {JMP QWORD [RIP+0x8a507bc]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007768fac0 6 bytes {JMP QWORD [RIP+0x8bb0570]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077690b74 6 bytes {JMP QWORD [RIP+0x8b2f4bc]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!SetWindowLongW 00000000776933b0 6 bytes {JMP QWORD [RIP+0x8aacc80]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!SetWinEventHook + 1 0000000077694d4d 5 bytes {JMP QWORD [RIP+0x8a6b2e4]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!GetKeyState 0000000077695010 6 bytes {JMP QWORD [RIP+0x8ccb020]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!SendMessageCallbackW 0000000077695438 6 bytes {JMP QWORD [RIP+0x8beabf8]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!SendMessageW 0000000077696b50 6 bytes {JMP QWORD [RIP+0x8b694e0]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!PostMessageW 00000000776976e4 6 bytes {JMP QWORD [RIP+0x8ae894c]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 000000007769dd90 6 bytes {JMP QWORD [RIP+0x8c622a0]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!GetClipboardData 000000007769e874 6 bytes {JMP QWORD [RIP+0x8da17bc]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!SetClipboardViewer 000000007769f780 6 bytes {JMP QWORD [RIP+0x8d608b0]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000776a28e4 6 bytes {JMP QWORD [RIP+0x8bfd74c]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!mouse_event 00000000776a3894 6 bytes {JMP QWORD [RIP+0x89fc79c]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!GetKeyboardState 00000000776a8a10 6 bytes {JMP QWORD [RIP+0x8c97620]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 00000000776a8be0 6 bytes {JMP QWORD [RIP+0x8b77450]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!SetWindowsHookExA 00000000776a8c20 6 bytes {JMP QWORD [RIP+0x8a17410]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!SendInput 00000000776a8cd0 6 bytes {JMP QWORD [RIP+0x8c77360]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!BlockInput 00000000776aad60 6 bytes {JMP QWORD [RIP+0x8d752d0]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!ExitWindowsEx 00000000776d14e0 6 bytes {JMP QWORD [RIP+0x8e0eb50]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!keybd_event 00000000776f45a4 6 bytes {JMP QWORD [RIP+0x898ba8c]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 00000000776fcc08 6 bytes {JMP QWORD [RIP+0x8be3428]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\USER32.dll!SendMessageCallbackA 00000000776fdf18 6 bytes {JMP QWORD [RIP+0x8b62118]} .text C:\Windows\Explorer.EXE[2108] C:\Windows\system32\SSPICLI.DLL!EncryptMessage 000007fefd4650a0 6 bytes {JMP QWORD [RIP+0x4af90]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\svchost.exe[2216] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\svchost.exe[2216] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefe033e80 6 bytes {JMP QWORD [RIP+0x10c1b0]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x13db70]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes {JMP QWORD [RIP+0x15a440]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x194648]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes {JMP QWORD [RIP+0x173760]} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\system32\SspiCli.dll!EncryptMessage 000007fefd4650a0 6 bytes {JMP QWORD [RIP+0x4af90]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes JMP 0 .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes JMP 0 .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes {JMP QWORD [RIP+0x36a440]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes JMP 0 .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x554648]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes {JMP QWORD [RIP+0x383760]} .text C:\Windows\system32\taskhost.exe[2316] C:\Windows\system32\SspiCli.dll!EncryptMessage 000007fefd4650a0 6 bytes {JMP QWORD [RIP+0x4af90]} .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a9f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077a9f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a9fb24 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077a9fb28 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a9fcac 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077a9fcb0 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a9fd60 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077a9fd64 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a9fdc4 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077a9fdc8 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077a9febc 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077a9fec0 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077a9ff70 3 bytes JMP 7109000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077a9ff74 2 bytes JMP 7109000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a9ffa0 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077a9ffa4 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077aa0000 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077aa0004 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077aa0080 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077aa0084 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077aa00b0 3 bytes JMP 70df000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077aa00b4 2 bytes JMP 70df000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077aa03b4 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077aa03b8 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077aa03cc 3 bytes JMP 710f000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077aa03d0 2 bytes JMP 710f000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa054c 3 bytes JMP 7112000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077aa0550 2 bytes JMP 7112000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077aa0690 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077aa0694 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077aa06f0 3 bytes JMP 7106000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077aa06f4 2 bytes JMP 7106000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077aa0798 3 bytes JMP 710c000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077aa079c 2 bytes JMP 710c000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077aa07e0 3 bytes JMP 7100000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077aa07e4 2 bytes JMP 7100000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077aa0870 3 bytes JMP 7103000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077aa0874 2 bytes JMP 7103000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077aa0888 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077aa088c 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077aa08a0 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077aa08a4 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077aa0df0 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077aa0df4 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077aa0ed4 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077aa0ed8 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077aa1be0 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077aa1be4 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077aa1cb0 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077aa1cb4 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077aa1d88 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077aa1d8c 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077ac3b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076013b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076013b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000761af784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000761b2c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075898332 6 bytes JMP 716c000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075898bff 6 bytes JMP 7160000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000758990d3 6 bytes JMP 711b000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075899679 6 bytes JMP 715a000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000758997d2 6 bytes JMP 7154000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007589ee09 6 bytes JMP 7172000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007589efc9 3 bytes JMP 7121000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007589efcd 2 bytes JMP 7121000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758a12a5 6 bytes JMP 7166000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000758a291f 6 bytes JMP 7139000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!SetParent 00000000758a2d64 3 bytes JMP 7130000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!SetParent + 4 00000000758a2d68 2 bytes JMP 7130000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000758a2da4 6 bytes JMP 7118000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000758a3698 3 bytes JMP 712d000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000758a369c 2 bytes JMP 712d000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758a3baa 6 bytes JMP 7169000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 00000000758a3c61 6 bytes JMP 7163000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000758a6110 6 bytes JMP 716f000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000758a612e 6 bytes JMP 715d000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000758a6c30 6 bytes JMP 711e000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758a7603 6 bytes JMP 7175000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000758a7668 6 bytes JMP 7148000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000758a76e0 6 bytes JMP 714e000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000758a781f 6 bytes JMP 7157000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758a835c 6 bytes JMP 7178000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000758ac4b6 3 bytes JMP 712a000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 00000000758ac4ba 2 bytes JMP 712a000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 00000000758bc112 6 bytes JMP 7145000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 00000000758bd0f5 6 bytes JMP 7142000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000758beb96 6 bytes JMP 7136000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000758bec68 3 bytes JMP 713c000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000758bec6c 2 bytes JMP 713c000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!SendInput 00000000758bff4a 3 bytes JMP 713f000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000758bff4e 2 bytes JMP 713f000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000758d9f1d 6 bytes JMP 7124000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000758e1497 6 bytes JMP 7115000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758f027b 6 bytes JMP 717b000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758f02bf 6 bytes JMP 717e000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000758f6cfc 6 bytes JMP 7151000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000758f6d5d 6 bytes JMP 714b000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!BlockInput 00000000758f7dd7 3 bytes JMP 7127000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000758f7ddb 2 bytes JMP 7127000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000758f88eb 3 bytes JMP 7133000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000758f88ef 2 bytes JMP 7133000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075f758b3 6 bytes JMP 7190000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075f75ea6 6 bytes JMP 718a000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075f77bcc 6 bytes JMP 7199000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075f7b895 6 bytes JMP 7181000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075f7c332 6 bytes JMP 7187000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075f7cbfb 6 bytes JMP 7193000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075f7e743 6 bytes JMP 7196000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075fa4857 6 bytes JMP 7184000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 000000007543124e 6 bytes JMP 718d000a .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076901401 2 bytes JMP 7602b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076901419 2 bytes JMP 7602b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076901431 2 bytes JMP 760a8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007690144a 2 bytes CALL 76004885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769014dd 2 bytes JMP 760a8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769014f5 2 bytes JMP 760a89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007690150d 2 bytes JMP 760a86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076901525 2 bytes JMP 760a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007690153d 2 bytes JMP 7601fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076901555 2 bytes JMP 760268bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007690156d 2 bytes JMP 760a8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076901585 2 bytes JMP 760a8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007690159d 2 bytes JMP 760a86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769015b5 2 bytes JMP 7601fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769015cd 2 bytes JMP 7602b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769016b2 2 bytes JMP 760a8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2404] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769016bd 2 bytes JMP 760a8651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a9f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077a9f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a9fb24 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077a9fb28 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a9fcac 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077a9fcb0 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a9fd60 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077a9fd64 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a9fdc4 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077a9fdc8 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077a9febc 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077a9fec0 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077a9ff70 3 bytes JMP 7109000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077a9ff74 2 bytes JMP 7109000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a9ffa0 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077a9ffa4 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077aa0000 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077aa0004 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077aa0080 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077aa0084 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077aa00b0 3 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077aa00b4 2 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077aa03b4 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077aa03b8 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077aa03cc 3 bytes JMP 710f000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077aa03d0 2 bytes JMP 710f000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa054c 3 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077aa0550 2 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077aa0690 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077aa0694 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077aa06f0 3 bytes JMP 7106000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077aa06f4 2 bytes JMP 7106000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077aa0798 3 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077aa079c 2 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077aa07e0 3 bytes JMP 7100000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077aa07e4 2 bytes JMP 7100000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077aa0870 3 bytes JMP 7103000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077aa0874 2 bytes JMP 7103000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077aa0888 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077aa088c 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077aa08a0 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077aa08a4 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077aa0df0 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077aa0df4 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077aa0ed4 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077aa0ed8 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077aa1be0 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077aa1be4 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077aa1cb0 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077aa1cb4 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077aa1d88 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077aa1d8c 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077ac3b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076013b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076013b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000761af784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000761b2c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 000000007543124e 6 bytes JMP 718d000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075f758b3 6 bytes JMP 7190000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075f75ea6 6 bytes JMP 718a000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075f77bcc 6 bytes JMP 7199000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075f7b895 6 bytes JMP 7181000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075f7c332 6 bytes JMP 7187000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075f7cbfb 6 bytes JMP 7193000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075f7e743 6 bytes JMP 7196000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075fa4857 6 bytes JMP 7184000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075898332 6 bytes JMP 716c000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075898bff 6 bytes JMP 7160000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000758990d3 6 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075899679 6 bytes JMP 715a000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000758997d2 6 bytes JMP 7154000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007589ee09 6 bytes JMP 7172000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007589efc9 3 bytes JMP 7121000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007589efcd 2 bytes JMP 7121000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758a12a5 6 bytes JMP 7166000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000758a291f 6 bytes JMP 7139000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!SetParent 00000000758a2d64 3 bytes JMP 7130000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!SetParent + 4 00000000758a2d68 2 bytes JMP 7130000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000758a2da4 6 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000758a3698 3 bytes JMP 712d000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000758a369c 2 bytes JMP 712d000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758a3baa 6 bytes JMP 7169000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 00000000758a3c61 6 bytes JMP 7163000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000758a6110 6 bytes JMP 716f000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000758a612e 6 bytes JMP 715d000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000758a6c30 6 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758a7603 6 bytes JMP 7175000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000758a7668 6 bytes JMP 7148000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000758a76e0 6 bytes JMP 714e000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000758a781f 6 bytes JMP 7157000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758a835c 6 bytes JMP 7178000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000758ac4b6 3 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 00000000758ac4ba 2 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 00000000758bc112 6 bytes JMP 7145000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 00000000758bd0f5 6 bytes JMP 7142000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000758beb96 6 bytes JMP 7136000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000758bec68 3 bytes JMP 713c000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000758bec6c 2 bytes JMP 713c000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!SendInput 00000000758bff4a 3 bytes JMP 713f000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000758bff4e 2 bytes JMP 713f000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000758d9f1d 6 bytes JMP 7124000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000758e1497 6 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758f027b 6 bytes JMP 717b000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758f02bf 6 bytes JMP 717e000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000758f6cfc 6 bytes JMP 7151000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000758f6d5d 6 bytes JMP 714b000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!BlockInput 00000000758f7dd7 3 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000758f7ddb 2 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000758f88eb 3 bytes JMP 7133000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000758f88ef 2 bytes JMP 7133000a .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076901401 2 bytes JMP 7602b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076901419 2 bytes JMP 7602b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076901431 2 bytes JMP 760a8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007690144a 2 bytes CALL 76004885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769014dd 2 bytes JMP 760a8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769014f5 2 bytes JMP 760a89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007690150d 2 bytes JMP 760a86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076901525 2 bytes JMP 760a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007690153d 2 bytes JMP 7601fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076901555 2 bytes JMP 760268bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007690156d 2 bytes JMP 760a8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076901585 2 bytes JMP 760a8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007690159d 2 bytes JMP 760a86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769015b5 2 bytes JMP 7601fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769015cd 2 bytes JMP 7602b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769016b2 2 bytes JMP 760a8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769016bd 2 bytes JMP 760a8651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes JMP 0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x13db70]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes JMP 0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x554648]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2516] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes JMP 0 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a9f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077a9f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a9fb24 3 bytes JMP 70ae000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077a9fb28 2 bytes JMP 70ae000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a9fcac 3 bytes JMP 70cf000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077a9fcb0 2 bytes JMP 70cf000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a9fd60 3 bytes JMP 70ba000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077a9fd64 2 bytes JMP 70ba000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a9fdc4 3 bytes JMP 70c0000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077a9fdc8 2 bytes JMP 70c0000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077a9febc 3 bytes JMP 70b7000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077a9fec0 2 bytes JMP 70b7000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077a9ff70 3 bytes JMP 70e7000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077a9ff74 2 bytes JMP 70e7000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a9ffa0 3 bytes JMP 70c3000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077a9ffa4 2 bytes JMP 70c3000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077aa0000 3 bytes JMP 70db000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077aa0004 2 bytes JMP 70db000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077aa0080 3 bytes JMP 70d8000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077aa0084 2 bytes JMP 70d8000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077aa00b0 3 bytes JMP 70bd000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077aa00b4 2 bytes JMP 70bd000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077aa03b4 3 bytes JMP 70a8000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077aa03b8 2 bytes JMP 70a8000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077aa03cc 3 bytes JMP 70ed000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077aa03d0 2 bytes JMP 70ed000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa054c 3 bytes JMP 70f0000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077aa0550 2 bytes JMP 70f0000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077aa0690 3 bytes JMP 70cc000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077aa0694 2 bytes JMP 70cc000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077aa06f0 3 bytes JMP 70e4000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077aa06f4 2 bytes JMP 70e4000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077aa0798 3 bytes JMP 70ea000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077aa079c 2 bytes JMP 00000000cc37d111 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077aa07e0 3 bytes JMP 70de000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077aa07e4 2 bytes JMP 70de000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077aa0870 3 bytes JMP 70e1000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077aa0874 2 bytes JMP 70e1000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077aa0888 3 bytes JMP 70b4000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077aa088c 2 bytes JMP 70b4000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077aa08a0 3 bytes JMP 70ab000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077aa08a4 2 bytes JMP 70ab000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077aa0df0 3 bytes JMP 70c9000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077aa0df4 2 bytes JMP 70c9000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077aa0ed4 3 bytes JMP 70b1000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077aa0ed8 2 bytes JMP 70b1000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077aa1be0 3 bytes JMP 70c6000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077aa1be4 2 bytes JMP 70c6000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077aa1cb0 3 bytes JMP 70d5000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077aa1cb4 2 bytes JMP 70d5000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077aa1d88 3 bytes JMP 70d2000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077aa1d8c 2 bytes JMP 70d2000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077ac3b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076013b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076013b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000761af784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000761b2c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075898332 6 bytes JMP 716c000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075898bff 6 bytes JMP 714d000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000758990d3 6 bytes JMP 70f9000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075899679 6 bytes JMP 7147000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000758997d2 6 bytes JMP 7141000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007589ee09 6 bytes JMP 7172000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007589efc9 3 bytes JMP 70ff000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007589efcd 2 bytes JMP 70ff000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758a12a5 6 bytes JMP 7166000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000758a291f 6 bytes JMP 7117000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!SetParent 00000000758a2d64 3 bytes JMP 710e000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!SetParent + 4 00000000758a2d68 2 bytes JMP 710e000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000758a2da4 6 bytes JMP 70f6000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000758a3698 3 bytes JMP 710b000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000758a369c 2 bytes JMP 710b000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758a3baa 6 bytes JMP 7169000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 00000000758a3c61 6 bytes JMP 7163000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000758a6110 6 bytes JMP 716f000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000758a612e 6 bytes JMP 714a000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000758a6c30 6 bytes JMP 70fc000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758a7603 6 bytes JMP 7175000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000758a7668 6 bytes JMP 7126000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000758a76e0 6 bytes JMP 712c000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000758a781f 6 bytes JMP 7144000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758a835c 6 bytes JMP 7178000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000758ac4b6 3 bytes JMP 7108000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 00000000758ac4ba 2 bytes JMP 7108000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 00000000758bc112 6 bytes JMP 7123000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 00000000758bd0f5 6 bytes JMP 7120000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000758beb96 6 bytes JMP 7114000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000758bec68 3 bytes JMP 711a000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000758bec6c 2 bytes JMP 711a000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!SendInput 00000000758bff4a 3 bytes JMP 711d000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000758bff4e 2 bytes JMP 711d000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000758d9f1d 6 bytes JMP 7102000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000758e1497 6 bytes JMP 70f3000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758f027b 6 bytes JMP 717b000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758f02bf 6 bytes JMP 717e000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000758f6cfc 6 bytes JMP 712f000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000758f6d5d 6 bytes JMP 7129000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!BlockInput 00000000758f7dd7 3 bytes JMP 7105000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000758f7ddb 2 bytes JMP 7105000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000758f88eb 3 bytes JMP 7111000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000758f88ef 2 bytes JMP 7111000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075f758b3 6 bytes JMP 7190000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075f75ea6 6 bytes JMP 718a000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075f77bcc 6 bytes JMP 7199000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075f7b895 6 bytes JMP 7181000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075f7c332 6 bytes JMP 7187000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075f7cbfb 6 bytes JMP 7193000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075f7e743 6 bytes JMP 7196000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075fa4857 6 bytes JMP 7184000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 000000007543124e 6 bytes JMP 718d000a .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076901401 2 bytes JMP 7602b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076901419 2 bytes JMP 7602b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076901431 2 bytes JMP 760a8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007690144a 2 bytes CALL 76004885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769014dd 2 bytes JMP 760a8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769014f5 2 bytes JMP 760a89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007690150d 2 bytes JMP 760a86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076901525 2 bytes JMP 760a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007690153d 2 bytes JMP 7601fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076901555 2 bytes JMP 760268bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007690156d 2 bytes JMP 760a8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076901585 2 bytes JMP 760a8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007690159d 2 bytes JMP 760a86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769015b5 2 bytes JMP 7601fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769015cd 2 bytes JMP 7602b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769016b2 2 bytes JMP 760a8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769016bd 2 bytes JMP 760a8651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\system32\kernel32.dll!UnhandledExceptionFilter + 1 000000007781b861 11 bytes [B8, F0, 12, 5D, 02, 00, 00, ...] .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes JMP 0 .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 1C] .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x13db70]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes JMP 0 .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x554648]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes {JMP QWORD [RIP+0x383760]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe[2748] C:\Windows\system32\SSPICLI.DLL!EncryptMessage 000007fefd4650a0 6 bytes {JMP QWORD [RIP+0x4af90]} .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a9f9dc 3 bytes JMP 71af000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077a9f9e0 2 bytes JMP 71af000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a9fb24 3 bytes JMP 70cb000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077a9fb28 2 bytes JMP 70cb000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a9fcac 3 bytes JMP 70ec000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077a9fcb0 2 bytes JMP 70ec000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a9fd60 3 bytes JMP 70d7000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077a9fd64 2 bytes JMP 70d7000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a9fdc4 3 bytes JMP 70dd000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077a9fdc8 2 bytes JMP 70dd000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077a9febc 3 bytes JMP 70d4000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077a9fec0 2 bytes JMP 70d4000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077a9ff70 3 bytes JMP 7104000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077a9ff74 2 bytes JMP 7104000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a9ffa0 3 bytes JMP 70e0000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077a9ffa4 2 bytes JMP 70e0000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077aa0000 3 bytes JMP 70f8000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077aa0004 2 bytes JMP 70f8000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077aa0080 3 bytes JMP 70f5000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077aa0084 2 bytes JMP 70f5000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077aa00b0 3 bytes JMP 70da000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077aa00b4 2 bytes JMP 70da000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077aa03b4 3 bytes JMP 70c5000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077aa03b8 2 bytes JMP 70c5000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077aa03cc 3 bytes JMP 710a000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077aa03d0 2 bytes JMP 710a000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa054c 3 bytes JMP 710d000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077aa0550 2 bytes JMP 710d000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077aa0690 3 bytes JMP 70e9000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077aa0694 2 bytes JMP 70e9000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077aa06f0 3 bytes JMP 7101000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 5 0000000077aa06f5 1 byte [71] .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077aa0798 3 bytes JMP 7107000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077aa079c 2 bytes JMP 7107000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077aa07e0 3 bytes JMP 70fb000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077aa07e4 2 bytes JMP 70fb000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077aa0870 3 bytes JMP 70fe000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077aa0874 2 bytes JMP 70fe000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077aa0888 3 bytes JMP 70d1000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077aa088c 2 bytes JMP 70d1000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077aa08a0 3 bytes JMP 70c8000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077aa08a4 2 bytes JMP 70c8000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077aa0df0 3 bytes JMP 70e6000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077aa0df4 2 bytes JMP 70e6000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077aa0ed4 3 bytes JMP 70ce000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077aa0ed8 2 bytes JMP 70ce000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077aa1be0 3 bytes JMP 70e3000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077aa1be4 2 bytes JMP 70e3000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077aa1cb0 3 bytes JMP 70f2000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077aa1cb4 2 bytes JMP 70f2000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077aa1d88 3 bytes JMP 70ef000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077aa1d8c 2 bytes JMP 70ef000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077ac3b9b 6 bytes JMP 71a8000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 0000000076013b93 3 bytes JMP 719c000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW + 4 0000000076013b97 2 bytes JMP 719c000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000761af784 6 bytes JMP 719f000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000761b2c9e 4 bytes CALL 71ac0000 .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075898332 6 bytes JMP 716c000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075898bff 6 bytes JMP 7160000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000758990d3 6 bytes JMP 7116000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075899679 6 bytes JMP 715a000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000758997d2 6 bytes JMP 7154000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007589ee09 6 bytes JMP 7172000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007589efc9 3 bytes JMP 711c000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007589efcd 2 bytes JMP 711c000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758a12a5 6 bytes JMP 7166000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000758a291f 6 bytes JMP 7134000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!SetParent 00000000758a2d64 3 bytes JMP 712b000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!SetParent + 4 00000000758a2d68 2 bytes JMP 712b000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000758a2da4 6 bytes JMP 7113000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000758a3698 3 bytes JMP 7128000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000758a369c 2 bytes JMP 7128000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758a3baa 6 bytes JMP 7169000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 00000000758a3c61 6 bytes JMP 7163000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000758a6110 6 bytes JMP 716f000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000758a612e 6 bytes JMP 715d000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000758a6c30 6 bytes JMP 7119000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758a7603 6 bytes JMP 7175000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000758a7668 6 bytes JMP 7143000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000758a76e0 6 bytes JMP 714e000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000758a781f 6 bytes JMP 7157000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758a835c 6 bytes JMP 7178000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000758ac4b6 3 bytes JMP 7125000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 00000000758ac4ba 2 bytes JMP 7125000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 00000000758bc112 6 bytes JMP 7140000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 00000000758bd0f5 6 bytes JMP 713d000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000758beb96 6 bytes JMP 7131000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000758bec68 3 bytes JMP 7137000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000758bec6c 2 bytes JMP 7137000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!SendInput 00000000758bff4a 3 bytes JMP 713a000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000758bff4e 2 bytes JMP 713a000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000758d9f1d 6 bytes JMP 711f000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000758e1497 6 bytes JMP 7110000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758f027b 6 bytes JMP 717b000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758f02bf 6 bytes JMP 717e000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000758f6cfc 6 bytes JMP 7151000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000758f6d5d 6 bytes JMP 7146000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!BlockInput 00000000758f7dd7 3 bytes JMP 7122000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000758f7ddb 2 bytes JMP 7122000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000758f88eb 3 bytes JMP 712e000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000758f88ef 2 bytes JMP 712e000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075f758b3 6 bytes JMP 7190000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075f75ea6 6 bytes JMP 718a000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075f77bcc 6 bytes JMP 7199000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075f7b895 6 bytes JMP 7181000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075f7c332 6 bytes JMP 7187000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075f7cbfb 6 bytes JMP 7193000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075f7e743 6 bytes JMP 7196000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075fa4857 6 bytes JMP 7184000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 000000007543124e 6 bytes JMP 718d000a .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076901401 2 bytes JMP 7602b1ef C:\Windows\syswow64\KERNEL32.dll .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076901419 2 bytes JMP 7602b31a C:\Windows\syswow64\KERNEL32.dll .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076901431 2 bytes JMP 760a8f09 C:\Windows\syswow64\KERNEL32.dll .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007690144a 2 bytes CALL 76004885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769014dd 2 bytes JMP 760a8802 C:\Windows\syswow64\KERNEL32.dll .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769014f5 2 bytes JMP 760a89d8 C:\Windows\syswow64\KERNEL32.dll .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007690150d 2 bytes JMP 760a86f8 C:\Windows\syswow64\KERNEL32.dll .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076901525 2 bytes JMP 760a8ac2 C:\Windows\syswow64\KERNEL32.dll .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007690153d 2 bytes JMP 7601fc78 C:\Windows\syswow64\KERNEL32.dll .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076901555 2 bytes JMP 760268bf C:\Windows\syswow64\KERNEL32.dll .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007690156d 2 bytes JMP 760a8fc1 C:\Windows\syswow64\KERNEL32.dll .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076901585 2 bytes JMP 760a8b22 C:\Windows\syswow64\KERNEL32.dll .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007690159d 2 bytes JMP 760a86bc C:\Windows\syswow64\KERNEL32.dll .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769015b5 2 bytes JMP 7601fd11 C:\Windows\syswow64\KERNEL32.dll .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769015cd 2 bytes JMP 7602b2b0 C:\Windows\syswow64\KERNEL32.dll .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769016b2 2 bytes JMP 760a8e84 C:\Windows\syswow64\KERNEL32.dll .text G:\Safe in cloud\SafeInCloud.exe[2780] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769016bd 2 bytes JMP 760a8651 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a9f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077a9f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a9fb24 3 bytes JMP 70ca000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077a9fb28 2 bytes JMP 70ca000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a9fcac 3 bytes JMP 70eb000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077a9fcb0 2 bytes JMP 70eb000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a9fd60 3 bytes JMP 70d6000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077a9fd64 2 bytes JMP 70d6000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a9fdc4 3 bytes JMP 70dc000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077a9fdc8 2 bytes JMP 70dc000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077a9febc 3 bytes JMP 70d3000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077a9fec0 2 bytes JMP 70d3000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077a9ff70 3 bytes JMP 7103000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077a9ff74 2 bytes JMP 7103000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a9ffa0 3 bytes JMP 70df000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077a9ffa4 2 bytes JMP 70df000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077aa0000 3 bytes JMP 70f7000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077aa0004 2 bytes JMP 70f7000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077aa0080 3 bytes JMP 70f4000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077aa0084 2 bytes JMP 70f4000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077aa00b0 3 bytes JMP 70d9000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077aa00b4 2 bytes JMP 70d9000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077aa03b4 3 bytes JMP 70c4000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077aa03b8 2 bytes JMP 70c4000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077aa03cc 3 bytes JMP 7109000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077aa03d0 2 bytes JMP 7109000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa054c 3 bytes JMP 710c000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077aa0550 2 bytes JMP 710c000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077aa0690 3 bytes JMP 70e8000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077aa0694 2 bytes JMP 70e8000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077aa06f0 3 bytes JMP 7100000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077aa06f4 2 bytes JMP 7100000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077aa0798 3 bytes JMP 7106000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077aa079c 2 bytes JMP 7106000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077aa07e0 3 bytes JMP 70fa000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077aa07e4 2 bytes JMP 70fa000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077aa0870 3 bytes JMP 70fd000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077aa0874 2 bytes JMP 70fd000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077aa0888 3 bytes JMP 70d0000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077aa088c 2 bytes JMP 70d0000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077aa08a0 3 bytes JMP 70c7000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077aa08a4 2 bytes JMP 70c7000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077aa0df0 3 bytes JMP 70e5000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077aa0df4 2 bytes JMP 70e5000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077aa0ed4 3 bytes JMP 70cd000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077aa0ed8 2 bytes JMP 70cd000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077aa1be0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077aa1be4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077aa1cb0 3 bytes JMP 70f1000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077aa1cb4 2 bytes JMP 70f1000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077aa1d88 3 bytes JMP 70ee000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077aa1d8c 2 bytes JMP 70ee000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077ac3b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076013b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076013b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000761af784 6 bytes JMP 719f000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000761b2c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 000000007543124e 6 bytes JMP 7187000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075f758b3 6 bytes JMP 718a000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075f75ea6 6 bytes JMP 7184000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075f77bcc 6 bytes JMP 7199000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075f7b895 6 bytes JMP 717b000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075f7c332 6 bytes JMP 7181000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075f7cbfb 6 bytes JMP 7193000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075f7e743 6 bytes JMP 7196000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075fa4857 6 bytes JMP 717e000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075898332 6 bytes JMP 7166000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075898bff 6 bytes JMP 715a000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000758990d3 6 bytes JMP 7115000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075899679 6 bytes JMP 7154000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000758997d2 6 bytes JMP 714e000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007589ee09 6 bytes JMP 716c000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007589efc9 3 bytes JMP 711b000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007589efcd 2 bytes JMP 711b000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758a12a5 6 bytes JMP 7160000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000758a291f 6 bytes JMP 7133000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!SetParent 00000000758a2d64 3 bytes JMP 712a000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!SetParent + 4 00000000758a2d68 2 bytes JMP 712a000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000758a2da4 6 bytes JMP 7112000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000758a3698 3 bytes JMP 7127000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000758a369c 2 bytes JMP 7127000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758a3baa 6 bytes JMP 7163000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 00000000758a3c61 6 bytes JMP 715d000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000758a6110 6 bytes JMP 7169000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000758a612e 6 bytes JMP 7157000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000758a6c30 6 bytes JMP 7118000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758a7603 6 bytes JMP 716f000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000758a7668 6 bytes JMP 7142000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000758a76e0 6 bytes JMP 7148000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000758a781f 6 bytes JMP 7151000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758a835c 6 bytes JMP 7172000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000758ac4b6 3 bytes JMP 7124000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 00000000758ac4ba 2 bytes JMP 7124000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 00000000758bc112 6 bytes JMP 713f000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 00000000758bd0f5 6 bytes JMP 713c000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000758beb96 6 bytes JMP 7130000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000758bec68 3 bytes JMP 7136000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000758bec6c 2 bytes JMP 7136000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!SendInput 00000000758bff4a 3 bytes JMP 7139000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000758bff4e 2 bytes JMP 7139000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000758d9f1d 6 bytes JMP 711e000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000758e1497 6 bytes JMP 710f000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758f027b 6 bytes JMP 7175000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758f02bf 6 bytes JMP 7178000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000758f6cfc 6 bytes JMP 714b000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000758f6d5d 6 bytes JMP 7145000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!BlockInput 00000000758f7dd7 3 bytes JMP 7121000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000758f7ddb 2 bytes JMP 7121000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000758f88eb 3 bytes JMP 712d000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000758f88ef 2 bytes JMP 712d000a .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076901401 2 bytes JMP 7602b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076901419 2 bytes JMP 7602b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076901431 2 bytes JMP 760a8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007690144a 2 bytes CALL 76004885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769014dd 2 bytes JMP 760a8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769014f5 2 bytes JMP 760a89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007690150d 2 bytes JMP 760a86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076901525 2 bytes JMP 760a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007690153d 2 bytes JMP 7601fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076901555 2 bytes JMP 760268bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007690156d 2 bytes JMP 760a8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076901585 2 bytes JMP 760a8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007690159d 2 bytes JMP 760a86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769015b5 2 bytes JMP 7601fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769015cd 2 bytes JMP 7602b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769016b2 2 bytes JMP 760a8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769016bd 2 bytes JMP 760a8651 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x13db70]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes JMP 0 .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x554648]} .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes JMP 0 .text C:\Windows\system32\taskeng.exe[2228] C:\Windows\system32\SspiCli.dll!EncryptMessage 000007fefd4650a0 6 bytes {JMP QWORD [RIP+0x4af90]} .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a9f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077a9f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a9fb24 3 bytes JMP 70c1000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077a9fb28 2 bytes JMP 70c1000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a9fcac 3 bytes JMP 70e2000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077a9fcb0 2 bytes JMP 70e2000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a9fd60 3 bytes JMP 70cd000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077a9fd64 2 bytes JMP 70cd000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a9fdc4 3 bytes JMP 70d3000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077a9fdc8 2 bytes JMP 70d3000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077a9febc 3 bytes JMP 70ca000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077a9fec0 2 bytes JMP 70ca000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077a9ff70 3 bytes JMP 70fa000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077a9ff74 2 bytes JMP 70fa000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a9ffa0 3 bytes JMP 70d6000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077a9ffa4 2 bytes JMP 70d6000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077aa0000 3 bytes JMP 70ee000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077aa0004 2 bytes JMP 70ee000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077aa0080 3 bytes JMP 70eb000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077aa0084 2 bytes JMP 70eb000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077aa00b0 3 bytes JMP 70d0000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077aa00b4 2 bytes JMP 70d0000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077aa03b4 3 bytes JMP 70bb000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077aa03b8 2 bytes JMP 70bb000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077aa03cc 3 bytes JMP 7100000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077aa03d0 2 bytes JMP 7100000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa054c 3 bytes JMP 7103000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077aa0550 2 bytes JMP 7103000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077aa0690 3 bytes JMP 70df000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077aa0694 2 bytes JMP 70df000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077aa06f0 3 bytes JMP 70f7000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077aa06f4 2 bytes JMP 70f7000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077aa0798 3 bytes JMP 70fd000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077aa079c 2 bytes JMP 70fd000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077aa07e0 3 bytes JMP 70f1000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077aa07e4 2 bytes JMP 70f1000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077aa0870 3 bytes JMP 70f4000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077aa0874 2 bytes JMP 70f4000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077aa0888 3 bytes JMP 70c7000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077aa088c 2 bytes JMP 70c7000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077aa08a0 3 bytes JMP 70be000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077aa08a4 2 bytes JMP 70be000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077aa0df0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077aa0df4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077aa0ed4 3 bytes JMP 70c4000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077aa0ed8 2 bytes JMP 70c4000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077aa1be0 3 bytes JMP 70d9000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077aa1be4 2 bytes JMP 70d9000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077aa1cb0 3 bytes JMP 70e8000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077aa1cb4 2 bytes JMP 70e8000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077aa1d88 3 bytes JMP 70e5000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077aa1d8c 2 bytes JMP 70e5000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077ac3b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076013b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076013b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075f758b3 6 bytes JMP 718a000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075f75ea6 6 bytes JMP 7184000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075f77bcc 6 bytes {JMP QWORD [RIP+0x7198001e]} .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075f7b895 6 bytes JMP 717b000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075f7c332 6 bytes {JMP QWORD [RIP+0x7180001e]} .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075f7cbfb 6 bytes JMP 7193000a .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075f7e743 6 bytes {JMP QWORD [RIP+0x7195001e]} .text C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe[3152] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075fa4857 6 bytes JMP 717e000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a9f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077a9f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a9fb24 3 bytes JMP 70ca000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077a9fb28 2 bytes JMP 70ca000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a9fcac 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077a9fcb0 2 bytes [EA, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a9fd60 3 bytes JMP 70d6000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077a9fd64 2 bytes JMP 70d6000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a9fdc4 3 bytes JMP 70dc000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077a9fdc8 2 bytes JMP 70dc000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077a9febc 3 bytes JMP 70d3000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077a9fec0 2 bytes JMP 70d3000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077a9ff70 3 bytes JMP 7103000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077a9ff74 2 bytes JMP 7103000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a9ffa0 3 bytes JMP 70df000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077a9ffa4 2 bytes JMP 70df000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077aa0000 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077aa0004 2 bytes [F6, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077aa0080 3 bytes JMP 70f4000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077aa0084 2 bytes JMP 70f4000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077aa00b0 3 bytes JMP 70d9000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077aa00b4 2 bytes JMP 70d9000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077aa03b4 3 bytes JMP 70c4000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077aa03b8 2 bytes JMP 70c4000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077aa03cc 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077aa03d0 2 bytes [08, 71] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa054c 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077aa0550 2 bytes [0B, 71] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077aa0690 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077aa0694 2 bytes [E7, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077aa06f0 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077aa06f4 2 bytes [FF, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077aa0798 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077aa079c 2 bytes [05, 71] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077aa07e0 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077aa07e4 2 bytes [F9, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077aa0870 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077aa0874 2 bytes [FC, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077aa0888 3 bytes JMP 70d0000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077aa088c 2 bytes JMP 70d0000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077aa08a0 3 bytes JMP 70c7000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077aa08a4 2 bytes JMP 70c7000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077aa0df0 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077aa0df4 2 bytes [E4, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077aa0ed4 3 bytes JMP 70cd000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077aa0ed8 2 bytes JMP 70cd000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077aa1be0 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077aa1be4 2 bytes [E1, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077aa1cb0 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077aa1cb4 2 bytes [F0, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077aa1d88 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077aa1d8c 2 bytes [ED, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077ac3b9b 6 bytes {JMP QWORD [RIP+0x71a7001e]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076013b93 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076013b97 2 bytes [9B, 71] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000761af784 6 bytes {JMP QWORD [RIP+0x719e001e]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000761b2c9e 4 bytes {CALL QWORD [RIP+0x71ac000a]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075898332 6 bytes {JMP QWORD [RIP+0x716b001e]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075898bff 6 bytes {JMP QWORD [RIP+0x715f001e]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000758990d3 6 bytes JMP 7115000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075899679 6 bytes JMP 715a000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000758997d2 6 bytes {JMP QWORD [RIP+0x7153001e]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007589ee09 6 bytes {JMP QWORD [RIP+0x7171001e]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007589efc9 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007589efcd 2 bytes [1A, 71] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758a12a5 6 bytes JMP 7166000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000758a291f 6 bytes {JMP QWORD [RIP+0x7138001e]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!SetParent 00000000758a2d64 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!SetParent + 4 00000000758a2d68 2 bytes [29, 71] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000758a2da4 6 bytes {JMP QWORD [RIP+0x7111001e]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000758a3698 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000758a369c 2 bytes [26, 71] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758a3baa 6 bytes {JMP QWORD [RIP+0x7168001e]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 00000000758a3c61 6 bytes {JMP QWORD [RIP+0x7162001e]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000758a6110 6 bytes {JMP QWORD [RIP+0x716e001e]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000758a612e 6 bytes {JMP QWORD [RIP+0x715c001e]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000758a6c30 6 bytes JMP 7118000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758a7603 6 bytes JMP 7175000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000758a7668 6 bytes {JMP QWORD [RIP+0x7147001e]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000758a76e0 6 bytes {JMP QWORD [RIP+0x714d001e]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000758a781f 6 bytes {JMP QWORD [RIP+0x7156001e]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758a835c 6 bytes {JMP QWORD [RIP+0x7177001e]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000758ac4b6 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 00000000758ac4ba 2 bytes [23, 71] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 00000000758bc112 6 bytes JMP 7145000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 00000000758bd0f5 6 bytes {JMP QWORD [RIP+0x7141001e]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000758beb96 6 bytes {JMP QWORD [RIP+0x712f001e]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000758bec68 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000758bec6c 2 bytes [3B, 71] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!SendInput 00000000758bff4a 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000758bff4e 2 bytes [3E, 71] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000758d9f1d 6 bytes {JMP QWORD [RIP+0x711d001e]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000758e1497 6 bytes {JMP QWORD [RIP+0x710e001e]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758f027b 6 bytes JMP 717b000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758f02bf 6 bytes {JMP QWORD [RIP+0x717d001e]} .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000758f6cfc 6 bytes JMP 7151000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000758f6d5d 6 bytes JMP 714b000a .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!BlockInput 00000000758f7dd7 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000758f7ddb 2 bytes [20, 71] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000758f88eb 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000758f88ef 2 bytes [2C, 71] .text C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe[3160] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 000000007543124e 6 bytes {JMP QWORD [RIP+0x718c001e]} .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a9f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077a9f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a9fb24 3 bytes JMP 70c7000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077a9fb28 2 bytes JMP 70c7000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a9fcac 3 bytes JMP 70e8000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077a9fcb0 2 bytes JMP 70e8000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a9fd60 3 bytes JMP 70d3000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077a9fd64 2 bytes JMP 70d3000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a9fdc4 3 bytes JMP 70d9000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077a9fdc8 2 bytes JMP 70d9000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077a9febc 3 bytes JMP 70d0000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077a9fec0 2 bytes JMP 70d0000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077a9ff70 3 bytes JMP 7100000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077a9ff74 2 bytes JMP 7100000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a9ffa0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077a9ffa4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077aa0000 3 bytes JMP 70f4000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077aa0004 2 bytes JMP 70f4000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077aa0080 3 bytes JMP 70f1000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077aa0084 2 bytes JMP 70f1000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077aa00b0 3 bytes JMP 70d6000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077aa00b4 2 bytes JMP 70d6000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077aa03b4 3 bytes JMP 70c1000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077aa03b8 2 bytes JMP 70c1000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077aa03cc 3 bytes JMP 7106000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077aa03d0 2 bytes JMP 7106000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa054c 3 bytes JMP 7109000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077aa0550 2 bytes JMP 7109000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077aa0690 3 bytes JMP 70e5000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077aa0694 2 bytes JMP 70e5000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077aa06f0 3 bytes JMP 70fd000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077aa06f4 2 bytes JMP 70fd000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077aa0798 3 bytes JMP 7103000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077aa079c 2 bytes JMP 7103000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077aa07e0 3 bytes JMP 70f7000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077aa07e4 2 bytes JMP 70f7000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077aa0870 3 bytes JMP 70fa000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077aa0874 2 bytes JMP 70fa000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077aa0888 3 bytes JMP 70cd000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077aa088c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077aa08a0 3 bytes JMP 70c4000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077aa08a4 2 bytes JMP 70c4000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077aa0df0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077aa0df4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077aa0ed4 3 bytes JMP 70ca000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077aa0ed8 2 bytes JMP 70ca000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077aa1be0 3 bytes JMP 70df000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077aa1be4 2 bytes JMP 70df000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077aa1cb0 3 bytes JMP 70ee000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077aa1cb4 2 bytes JMP 70ee000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077aa1d88 3 bytes JMP 70eb000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077aa1d8c 2 bytes JMP 70eb000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077ac3b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076013b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076013b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000761af784 6 bytes JMP 719f000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000761b2c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 000000007543124e 6 bytes JMP 718d000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075f758b3 6 bytes JMP 7190000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075f75ea6 6 bytes JMP 718a000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075f77bcc 6 bytes JMP 7199000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075f7b895 6 bytes JMP 7181000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075f7c332 6 bytes JMP 7187000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075f7cbfb 6 bytes JMP 7193000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075f7e743 6 bytes JMP 7196000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075fa4857 6 bytes JMP 7184000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075898332 6 bytes JMP 716c000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075898bff 6 bytes JMP 7160000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000758990d3 6 bytes JMP 7112000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075899679 6 bytes JMP 715a000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000758997d2 6 bytes JMP 7154000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007589ee09 6 bytes JMP 7172000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007589efc9 3 bytes JMP 7118000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007589efcd 2 bytes JMP 7118000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758a12a5 6 bytes JMP 7166000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000758a291f 6 bytes JMP 7130000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!SetParent 00000000758a2d64 3 bytes JMP 7127000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!SetParent + 4 00000000758a2d68 2 bytes JMP 7127000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000758a2da4 6 bytes JMP 710f000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000758a3698 3 bytes JMP 7124000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000758a369c 2 bytes JMP 7124000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758a3baa 6 bytes JMP 7169000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 00000000758a3c61 6 bytes JMP 7163000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000758a6110 6 bytes JMP 716f000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000758a612e 6 bytes JMP 715d000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000758a6c30 6 bytes JMP 7115000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758a7603 6 bytes JMP 7175000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000758a7668 6 bytes JMP 7148000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000758a76e0 6 bytes JMP 714e000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000758a781f 6 bytes JMP 7157000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758a835c 6 bytes JMP 7178000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000758ac4b6 3 bytes JMP 7121000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 00000000758ac4ba 2 bytes JMP 7121000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 00000000758bc112 6 bytes JMP 7145000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 00000000758bd0f5 6 bytes JMP 7142000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000758beb96 6 bytes JMP 712d000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000758bec68 3 bytes JMP 7133000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000758bec6c 2 bytes JMP 7133000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!SendInput 00000000758bff4a 3 bytes JMP 7136000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000758bff4e 2 bytes JMP 7136000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000758d9f1d 6 bytes JMP 711b000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000758e1497 6 bytes JMP 710c000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758f027b 6 bytes JMP 717b000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758f02bf 6 bytes JMP 717e000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000758f6cfc 6 bytes JMP 7151000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000758f6d5d 6 bytes JMP 714b000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!BlockInput 00000000758f7dd7 3 bytes JMP 711e000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000758f7ddb 2 bytes JMP 711e000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000758f88eb 3 bytes JMP 712a000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000758f88ef 2 bytes JMP 712a000a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076901401 2 bytes JMP 7602b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076901419 2 bytes JMP 7602b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076901431 2 bytes JMP 760a8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007690144a 2 bytes CALL 76004885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769014dd 2 bytes JMP 760a8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769014f5 2 bytes JMP 760a89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007690150d 2 bytes JMP 760a86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076901525 2 bytes JMP 760a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007690153d 2 bytes JMP 7601fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076901555 2 bytes JMP 760268bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007690156d 2 bytes JMP 760a8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076901585 2 bytes JMP 760a8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007690159d 2 bytes JMP 760a86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769015b5 2 bytes JMP 7601fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769015cd 2 bytes JMP 7602b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769016b2 2 bytes JMP 760a8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769016bd 2 bytes JMP 760a8651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a9f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077a9f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a9fb24 3 bytes JMP 70c7000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077a9fb28 2 bytes JMP 70c7000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a9fcac 3 bytes JMP 70e8000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077a9fcb0 2 bytes JMP 70e8000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a9fd60 3 bytes JMP 70d3000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077a9fd64 2 bytes JMP 70d3000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a9fdc4 3 bytes JMP 70d9000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077a9fdc8 2 bytes JMP 70d9000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077a9febc 3 bytes JMP 70d0000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077a9fec0 2 bytes JMP 70d0000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077a9ff70 3 bytes JMP 7100000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077a9ff74 2 bytes JMP 7100000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a9ffa0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077a9ffa4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077aa0000 3 bytes JMP 70f4000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077aa0004 2 bytes JMP 70f4000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077aa0080 3 bytes JMP 70f1000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077aa0084 2 bytes JMP 70f1000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077aa00b0 3 bytes JMP 70d6000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077aa00b4 2 bytes JMP 70d6000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077aa03b4 3 bytes JMP 70c1000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077aa03b8 2 bytes JMP 70c1000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077aa03cc 3 bytes JMP 7106000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077aa03d0 2 bytes JMP 7106000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa054c 3 bytes JMP 7109000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077aa0550 2 bytes JMP 7109000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077aa0690 3 bytes JMP 70e5000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077aa0694 2 bytes JMP 70e5000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077aa06f0 3 bytes JMP 70fd000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077aa06f4 2 bytes JMP 70fd000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077aa0798 3 bytes JMP 7103000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077aa079c 2 bytes JMP 7103000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077aa07e0 3 bytes JMP 70f7000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077aa07e4 2 bytes JMP 70f7000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077aa0870 3 bytes JMP 70fa000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077aa0874 2 bytes JMP 70fa000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077aa0888 3 bytes JMP 70cd000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077aa088c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077aa08a0 3 bytes JMP 70c4000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077aa08a4 2 bytes JMP 70c4000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077aa0df0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077aa0df4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077aa0ed4 3 bytes JMP 70ca000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077aa0ed8 2 bytes JMP 70ca000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077aa1be0 3 bytes JMP 70df000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077aa1be4 2 bytes JMP 70df000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077aa1cb0 3 bytes JMP 70ee000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077aa1cb4 2 bytes JMP 70ee000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077aa1d88 3 bytes JMP 70eb000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077aa1d8c 2 bytes JMP 70eb000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077ac3b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076013b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076013b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000761af784 6 bytes JMP 719f000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000761b2c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075898332 6 bytes JMP 716c000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075898bff 6 bytes JMP 7160000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000758990d3 6 bytes JMP 7112000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075899679 6 bytes JMP 715a000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000758997d2 6 bytes JMP 7154000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007589ee09 6 bytes JMP 7172000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007589efc9 3 bytes JMP 7118000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007589efcd 2 bytes JMP 7118000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758a12a5 6 bytes JMP 7166000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000758a291f 6 bytes JMP 7130000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!SetParent 00000000758a2d64 3 bytes JMP 7127000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!SetParent + 4 00000000758a2d68 2 bytes JMP 7127000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000758a2da4 6 bytes JMP 710f000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000758a3698 3 bytes JMP 7124000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000758a369c 2 bytes JMP 7124000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758a3baa 6 bytes JMP 7169000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 00000000758a3c61 6 bytes JMP 7163000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000758a6110 6 bytes JMP 716f000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000758a612e 6 bytes JMP 715d000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000758a6c30 6 bytes JMP 7115000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758a7603 6 bytes JMP 7175000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000758a7668 6 bytes JMP 7148000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000758a76e0 6 bytes JMP 714e000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000758a781f 6 bytes JMP 7157000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758a835c 6 bytes JMP 7178000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000758ac4b6 3 bytes JMP 7121000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 00000000758ac4ba 2 bytes JMP 7121000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 00000000758bc112 6 bytes JMP 7145000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 00000000758bd0f5 6 bytes JMP 7142000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000758beb96 6 bytes JMP 712d000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000758bec68 3 bytes JMP 7133000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000758bec6c 2 bytes JMP 7133000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!SendInput 00000000758bff4a 3 bytes JMP 7136000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000758bff4e 2 bytes JMP 7136000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000758d9f1d 6 bytes JMP 711b000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000758e1497 6 bytes JMP 710c000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758f027b 6 bytes JMP 717b000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758f02bf 6 bytes JMP 717e000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000758f6cfc 6 bytes JMP 7151000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000758f6d5d 6 bytes JMP 714b000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!BlockInput 00000000758f7dd7 3 bytes JMP 711e000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000758f7ddb 2 bytes JMP 711e000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000758f88eb 3 bytes JMP 712a000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000758f88ef 2 bytes JMP 712a000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075f758b3 6 bytes JMP 7190000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075f75ea6 6 bytes JMP 718a000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075f77bcc 6 bytes JMP 7199000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075f7b895 6 bytes JMP 7181000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075f7c332 6 bytes JMP 7187000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075f7cbfb 6 bytes JMP 7193000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075f7e743 6 bytes JMP 7196000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075fa4857 6 bytes JMP 7184000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 000000007543124e 6 bytes JMP 718d000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076901401 2 bytes JMP 7602b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076901419 2 bytes JMP 7602b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076901431 2 bytes JMP 760a8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007690144a 2 bytes CALL 76004885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769014dd 2 bytes JMP 760a8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769014f5 2 bytes JMP 760a89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007690150d 2 bytes JMP 760a86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076901525 2 bytes JMP 760a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007690153d 2 bytes JMP 7601fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076901555 2 bytes JMP 760268bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007690156d 2 bytes JMP 760a8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076901585 2 bytes JMP 760a8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007690159d 2 bytes JMP 760a86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769015b5 2 bytes JMP 7601fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769015cd 2 bytes JMP 7602b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769016b2 2 bytes JMP 760a8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769016bd 2 bytes JMP 760a8651 C:\Windows\syswow64\kernel32.dll .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x13db70]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes {JMP QWORD [RIP+0x36a440]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x554648]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes {JMP QWORD [RIP+0x383760]} .text G:\Logitech Mouse\SetPoint\SetPoint.exe[3260] C:\Windows\system32\SSPICLI.DLL!EncryptMessage 000007fefd4650a0 6 bytes {JMP QWORD [RIP+0xbaf90]} .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a9f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077a9f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a9fb24 3 bytes JMP 70ca000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077a9fb28 2 bytes JMP 70ca000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a9fcac 3 bytes JMP 70eb000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077a9fcb0 2 bytes JMP 70eb000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a9fd60 3 bytes JMP 70d6000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077a9fd64 2 bytes JMP 70d6000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a9fdc4 3 bytes JMP 70dc000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077a9fdc8 2 bytes JMP 70dc000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077a9febc 3 bytes JMP 70d3000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077a9fec0 2 bytes JMP 70d3000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077a9ff70 3 bytes JMP 7103000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077a9ff74 2 bytes JMP 7103000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a9ffa0 3 bytes JMP 70df000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077a9ffa4 2 bytes JMP 70df000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077aa0000 3 bytes JMP 70f7000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077aa0004 2 bytes JMP 70f7000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077aa0080 3 bytes JMP 70f4000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077aa0084 2 bytes JMP 70f4000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077aa00b0 3 bytes JMP 70d9000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077aa00b4 2 bytes JMP 70d9000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077aa03b4 3 bytes JMP 70c4000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077aa03b8 2 bytes JMP 70c4000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077aa03cc 3 bytes JMP 7109000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077aa03d0 2 bytes JMP 7109000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa054c 3 bytes JMP 710c000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077aa0550 2 bytes JMP 710c000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077aa0690 3 bytes JMP 70e8000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077aa0694 2 bytes JMP 70e8000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077aa06f0 3 bytes JMP 7100000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077aa06f4 2 bytes JMP 7100000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077aa0798 3 bytes JMP 7106000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077aa079c 2 bytes JMP 7106000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077aa07e0 3 bytes JMP 70fa000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077aa07e4 2 bytes JMP 70fa000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077aa0870 3 bytes JMP 70fd000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077aa0874 2 bytes JMP 70fd000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077aa0888 3 bytes JMP 70d0000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077aa088c 2 bytes JMP 70d0000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077aa08a0 3 bytes JMP 70c7000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077aa08a4 2 bytes JMP 70c7000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077aa0df0 3 bytes JMP 70e5000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077aa0df4 2 bytes JMP 70e5000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077aa0ed4 3 bytes JMP 70cd000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077aa0ed8 2 bytes JMP 70cd000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077aa1be0 3 bytes JMP 70e2000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077aa1be4 2 bytes JMP 70e2000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077aa1cb0 3 bytes JMP 70f1000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077aa1cb4 2 bytes JMP 70f1000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077aa1d88 3 bytes JMP 70ee000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077aa1d8c 2 bytes JMP 70ee000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077ac3b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076013b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076013b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000761af784 6 bytes JMP 719f000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000761b2c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075898332 6 bytes JMP 7166000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075898bff 6 bytes JMP 715a000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000758990d3 6 bytes JMP 7115000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075899679 6 bytes JMP 7154000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000758997d2 6 bytes JMP 714e000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007589ee09 6 bytes JMP 716c000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007589efc9 3 bytes JMP 711b000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007589efcd 2 bytes JMP 711b000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758a12a5 6 bytes JMP 7160000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000758a291f 6 bytes JMP 7133000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!SetParent 00000000758a2d64 3 bytes JMP 712a000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!SetParent + 4 00000000758a2d68 2 bytes JMP 712a000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000758a2da4 6 bytes JMP 7112000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000758a3698 3 bytes JMP 7127000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000758a369c 2 bytes JMP 7127000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758a3baa 6 bytes JMP 7163000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 00000000758a3c61 6 bytes JMP 715d000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000758a6110 6 bytes JMP 7169000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000758a612e 6 bytes JMP 7157000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000758a6c30 6 bytes JMP 7118000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758a7603 6 bytes JMP 716f000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000758a7668 6 bytes JMP 7142000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000758a76e0 6 bytes JMP 7148000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000758a781f 6 bytes JMP 7151000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758a835c 6 bytes JMP 7172000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000758ac4b6 3 bytes JMP 7124000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 00000000758ac4ba 2 bytes JMP 7124000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 00000000758bc112 6 bytes JMP 713f000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 00000000758bd0f5 6 bytes JMP 713c000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000758beb96 6 bytes JMP 7130000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000758bec68 3 bytes JMP 7136000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000758bec6c 2 bytes JMP 7136000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!SendInput 00000000758bff4a 3 bytes JMP 7139000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000758bff4e 2 bytes JMP 7139000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000758d9f1d 6 bytes JMP 711e000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000758e1497 6 bytes JMP 710f000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758f027b 6 bytes JMP 7175000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758f02bf 6 bytes JMP 7178000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000758f6cfc 6 bytes JMP 714b000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000758f6d5d 6 bytes JMP 7145000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!BlockInput 00000000758f7dd7 3 bytes JMP 7121000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000758f7ddb 2 bytes JMP 7121000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000758f88eb 3 bytes JMP 712d000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000758f88ef 2 bytes JMP 712d000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075f758b3 6 bytes JMP 718a000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075f75ea6 6 bytes JMP 7184000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075f77bcc 6 bytes JMP 7199000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075f7b895 6 bytes JMP 717b000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075f7c332 6 bytes JMP 7181000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075f7cbfb 6 bytes JMP 7193000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075f7e743 6 bytes JMP 7196000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075fa4857 6 bytes JMP 717e000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 000000007543124e 6 bytes JMP 7187000a .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076901401 2 bytes JMP 7602b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076901419 2 bytes JMP 7602b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076901431 2 bytes JMP 760a8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007690144a 2 bytes CALL 76004885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769014dd 2 bytes JMP 760a8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769014f5 2 bytes JMP 760a89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007690150d 2 bytes JMP 760a86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076901525 2 bytes JMP 760a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007690153d 2 bytes JMP 7601fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076901555 2 bytes JMP 760268bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007690156d 2 bytes JMP 760a8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076901585 2 bytes JMP 760a8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007690159d 2 bytes JMP 760a86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769015b5 2 bytes JMP 7601fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769015cd 2 bytes JMP 7602b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769016b2 2 bytes JMP 760a8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769016bd 2 bytes JMP 760a8651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a9f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077a9f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a9fb24 3 bytes JMP 70cf000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077a9fb28 2 bytes JMP 70cf000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a9fcac 3 bytes JMP 70f0000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077a9fcb0 2 bytes JMP 70f0000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a9fd60 3 bytes JMP 70db000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077a9fd64 2 bytes JMP 70db000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a9fdc4 3 bytes JMP 70e1000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077a9fdc8 2 bytes JMP 70e1000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077a9febc 3 bytes JMP 70d8000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077a9fec0 2 bytes JMP 70d8000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077a9ff70 3 bytes JMP 7108000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077a9ff74 2 bytes JMP 7108000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a9ffa0 3 bytes JMP 70e4000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077a9ffa4 2 bytes JMP 70e4000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077aa0000 3 bytes JMP 70fc000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077aa0004 2 bytes JMP 70fc000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077aa0080 3 bytes JMP 70f9000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077aa0084 2 bytes JMP 70f9000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077aa00b0 3 bytes JMP 70de000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077aa00b4 2 bytes JMP 70de000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077aa03b4 3 bytes JMP 70c9000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077aa03b8 2 bytes JMP 70c9000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077aa03cc 3 bytes JMP 710e000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077aa03d0 2 bytes JMP 710e000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa054c 3 bytes JMP 7111000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077aa0550 2 bytes JMP 7111000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077aa0690 3 bytes JMP 70ed000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077aa0694 2 bytes JMP 70ed000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077aa06f0 3 bytes JMP 7105000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077aa06f4 2 bytes JMP 7105000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077aa0798 3 bytes JMP 710b000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077aa079c 2 bytes JMP 710b000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077aa07e0 3 bytes JMP 70ff000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077aa07e4 2 bytes JMP 70ff000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077aa0870 3 bytes JMP 7102000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077aa0874 2 bytes JMP 7102000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077aa0888 3 bytes JMP 70d5000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077aa088c 2 bytes JMP 70d5000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077aa08a0 3 bytes JMP 70cc000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077aa08a4 2 bytes JMP 70cc000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077aa0df0 3 bytes JMP 70ea000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077aa0df4 2 bytes JMP 00000000cc37d769 .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077aa0ed4 3 bytes JMP 70d2000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077aa0ed8 2 bytes JMP 70d2000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077aa1be0 3 bytes JMP 70e7000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077aa1be4 2 bytes JMP 70e7000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077aa1cb0 3 bytes JMP 70f6000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077aa1cb4 2 bytes JMP 70f6000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077aa1d88 3 bytes JMP 70f3000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077aa1d8c 2 bytes JMP 70f3000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077ac3b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076013b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076013b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000761af784 6 bytes JMP 719f000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000761b2c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075898332 6 bytes JMP 716c000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075898bff 6 bytes JMP 7160000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000758990d3 6 bytes JMP 711a000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075899679 6 bytes JMP 715a000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000758997d2 6 bytes JMP 7154000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007589ee09 6 bytes JMP 7172000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007589efc9 3 bytes JMP 7120000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007589efcd 2 bytes JMP 7120000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758a12a5 6 bytes JMP 7166000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000758a291f 6 bytes JMP 7138000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!SetParent 00000000758a2d64 3 bytes JMP 712f000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!SetParent + 4 00000000758a2d68 2 bytes JMP 712f000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000758a2da4 6 bytes JMP 7117000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000758a3698 3 bytes JMP 712c000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000758a369c 2 bytes JMP 712c000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758a3baa 6 bytes JMP 7169000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 00000000758a3c61 6 bytes JMP 7163000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000758a6110 6 bytes JMP 716f000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000758a612e 6 bytes JMP 715d000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000758a6c30 6 bytes JMP 711d000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758a7603 6 bytes JMP 7175000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000758a7668 6 bytes JMP 7148000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000758a76e0 6 bytes JMP 714e000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000758a781f 6 bytes JMP 7157000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758a835c 6 bytes JMP 7178000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000758ac4b6 3 bytes JMP 7129000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 00000000758ac4ba 2 bytes JMP 7129000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 00000000758bc112 6 bytes JMP 7145000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 00000000758bd0f5 6 bytes JMP 7141000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000758beb96 6 bytes JMP 7135000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000758bec68 3 bytes JMP 713b000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000758bec6c 2 bytes JMP 713b000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!SendInput 00000000758bff4a 3 bytes JMP 713e000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000758bff4e 2 bytes JMP 713e000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000758d9f1d 6 bytes JMP 7123000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000758e1497 6 bytes JMP 7114000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758f027b 6 bytes JMP 717b000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758f02bf 6 bytes JMP 717e000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000758f6cfc 6 bytes JMP 7151000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000758f6d5d 6 bytes JMP 714b000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!BlockInput 00000000758f7dd7 3 bytes JMP 7126000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000758f7ddb 2 bytes JMP 7126000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000758f88eb 3 bytes JMP 7132000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000758f88ef 2 bytes JMP 7132000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075f758b3 6 bytes JMP 7190000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075f75ea6 6 bytes JMP 718a000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075f77bcc 6 bytes JMP 7199000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075f7b895 6 bytes JMP 7181000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075f7c332 6 bytes JMP 7187000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075f7cbfb 6 bytes JMP 7193000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075f7e743 6 bytes JMP 7196000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075fa4857 6 bytes JMP 7184000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 000000007543124e 6 bytes JMP 718d000a .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076901401 2 bytes JMP 7602b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076901419 2 bytes JMP 7602b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076901431 2 bytes JMP 760a8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007690144a 2 bytes CALL 76004885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769014dd 2 bytes JMP 760a8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769014f5 2 bytes JMP 760a89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007690150d 2 bytes JMP 760a86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076901525 2 bytes JMP 760a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007690153d 2 bytes JMP 7601fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076901555 2 bytes JMP 760268bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007690156d 2 bytes JMP 760a8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076901585 2 bytes JMP 760a8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007690159d 2 bytes JMP 760a86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769015b5 2 bytes JMP 7601fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769015cd 2 bytes JMP 7602b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769016b2 2 bytes JMP 760a8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769016bd 2 bytes JMP 760a8651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a9f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077a9f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a9fb24 3 bytes JMP 70cf000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077a9fb28 2 bytes JMP 70cf000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a9fcac 3 bytes JMP 70f0000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077a9fcb0 2 bytes JMP 70f0000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a9fd60 3 bytes JMP 70db000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077a9fd64 2 bytes JMP 70db000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a9fdc4 3 bytes JMP 70e1000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077a9fdc8 2 bytes JMP 70e1000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077a9febc 3 bytes JMP 70d8000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077a9fec0 2 bytes JMP 70d8000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077a9ff70 3 bytes JMP 7108000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077a9ff74 2 bytes JMP 7108000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a9ffa0 3 bytes JMP 70e4000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077a9ffa4 2 bytes JMP 70e4000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077aa0000 3 bytes JMP 70fc000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077aa0004 2 bytes JMP 70fc000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077aa0080 3 bytes JMP 70f9000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077aa0084 2 bytes JMP 70f9000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077aa00b0 3 bytes JMP 70de000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077aa00b4 2 bytes JMP 70de000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077aa03b4 3 bytes JMP 70c9000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077aa03b8 2 bytes JMP 70c9000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077aa03cc 3 bytes JMP 710e000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077aa03d0 2 bytes JMP 710e000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa054c 3 bytes JMP 7111000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077aa0550 2 bytes JMP 7111000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077aa0690 3 bytes JMP 70ed000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077aa0694 2 bytes JMP 70ed000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077aa06f0 3 bytes JMP 7105000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077aa06f4 2 bytes JMP 7105000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077aa0798 3 bytes JMP 710b000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077aa079c 2 bytes JMP 710b000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077aa07e0 3 bytes JMP 70ff000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077aa07e4 2 bytes JMP 70ff000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077aa0870 3 bytes JMP 7102000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077aa0874 2 bytes JMP 7102000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077aa0888 3 bytes JMP 70d5000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077aa088c 2 bytes JMP 70d5000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077aa08a0 3 bytes JMP 70cc000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077aa08a4 2 bytes JMP 70cc000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077aa0df0 3 bytes JMP 70ea000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077aa0df4 2 bytes JMP 00000000cc37d769 .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077aa0ed4 3 bytes JMP 70d2000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077aa0ed8 2 bytes JMP 70d2000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077aa1be0 3 bytes JMP 70e7000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077aa1be4 2 bytes JMP 70e7000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077aa1cb0 3 bytes JMP 70f6000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077aa1cb4 2 bytes JMP 70f6000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077aa1d88 3 bytes JMP 70f3000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077aa1d8c 2 bytes JMP 70f3000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077ac3b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076013b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076013b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000761af784 6 bytes JMP 719f000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000761b2c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 000000007543124e 6 bytes JMP 718d000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075898332 6 bytes JMP 716c000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075898bff 6 bytes JMP 7160000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000758990d3 6 bytes JMP 711a000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075899679 6 bytes JMP 715a000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000758997d2 6 bytes JMP 7154000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007589ee09 6 bytes JMP 7172000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007589efc9 3 bytes JMP 7120000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007589efcd 2 bytes JMP 7120000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758a12a5 6 bytes JMP 7166000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000758a291f 6 bytes JMP 7138000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!SetParent 00000000758a2d64 3 bytes JMP 712f000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!SetParent + 4 00000000758a2d68 2 bytes JMP 712f000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000758a2da4 6 bytes JMP 7117000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000758a3698 3 bytes JMP 712c000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000758a369c 2 bytes JMP 712c000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758a3baa 6 bytes JMP 7169000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 00000000758a3c61 6 bytes JMP 7163000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000758a6110 6 bytes JMP 716f000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000758a612e 6 bytes JMP 715d000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000758a6c30 6 bytes JMP 711d000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758a7603 6 bytes JMP 7175000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000758a7668 6 bytes JMP 7148000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000758a76e0 6 bytes JMP 714e000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000758a781f 6 bytes JMP 7157000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758a835c 6 bytes JMP 7178000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000758ac4b6 3 bytes JMP 7129000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 00000000758ac4ba 2 bytes JMP 7129000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 00000000758bc112 6 bytes JMP 7145000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 00000000758bd0f5 6 bytes JMP 7141000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000758beb96 6 bytes JMP 7135000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000758bec68 3 bytes JMP 713b000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000758bec6c 2 bytes JMP 713b000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!SendInput 00000000758bff4a 3 bytes JMP 713e000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000758bff4e 2 bytes JMP 713e000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000758d9f1d 6 bytes JMP 7123000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000758e1497 6 bytes JMP 7114000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758f027b 6 bytes JMP 717b000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758f02bf 6 bytes JMP 717e000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000758f6cfc 6 bytes JMP 7151000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000758f6d5d 6 bytes JMP 714b000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!BlockInput 00000000758f7dd7 3 bytes JMP 7126000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000758f7ddb 2 bytes JMP 7126000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000758f88eb 3 bytes JMP 7132000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000758f88ef 2 bytes JMP 7132000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075f758b3 6 bytes JMP 7190000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075f75ea6 6 bytes JMP 718a000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075f77bcc 6 bytes JMP 7199000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075f7b895 6 bytes JMP 7181000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075f7c332 6 bytes JMP 7187000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075f7cbfb 6 bytes JMP 7193000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075f7e743 6 bytes JMP 7196000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075fa4857 6 bytes JMP 7184000a .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076901401 2 bytes JMP 7602b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076901419 2 bytes JMP 7602b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076901431 2 bytes JMP 760a8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007690144a 2 bytes CALL 76004885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769014dd 2 bytes JMP 760a8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769014f5 2 bytes JMP 760a89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007690150d 2 bytes JMP 760a86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076901525 2 bytes JMP 760a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007690153d 2 bytes JMP 7601fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076901555 2 bytes JMP 760268bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007690156d 2 bytes JMP 760a8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076901585 2 bytes JMP 760a8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007690159d 2 bytes JMP 760a86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769015b5 2 bytes JMP 7601fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769015cd 2 bytes JMP 7602b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769016b2 2 bytes JMP 760a8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769016bd 2 bytes JMP 760a8651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a9f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077a9f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a9fb24 3 bytes JMP 70c1000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077a9fb28 2 bytes JMP 70c1000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a9fcac 3 bytes JMP 70e2000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077a9fcb0 2 bytes JMP 70e2000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a9fd60 3 bytes JMP 70cd000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077a9fd64 2 bytes JMP 70cd000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a9fdc4 3 bytes JMP 70d3000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077a9fdc8 2 bytes JMP 70d3000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077a9febc 3 bytes JMP 70ca000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077a9fec0 2 bytes JMP 70ca000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077a9ff70 3 bytes JMP 70fa000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077a9ff74 2 bytes JMP 70fa000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a9ffa0 3 bytes JMP 70d6000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077a9ffa4 2 bytes JMP 70d6000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077aa0000 3 bytes JMP 70ee000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077aa0004 2 bytes JMP 70ee000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077aa0080 3 bytes JMP 70eb000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077aa0084 2 bytes JMP 70eb000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077aa00b0 3 bytes JMP 70d0000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077aa00b4 2 bytes JMP 70d0000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077aa03b4 3 bytes JMP 70bb000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077aa03b8 2 bytes JMP 70bb000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077aa03cc 3 bytes JMP 7100000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077aa03d0 2 bytes JMP 7100000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa054c 3 bytes JMP 7103000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077aa0550 2 bytes JMP 7103000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077aa0690 3 bytes JMP 70df000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077aa0694 2 bytes JMP 70df000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077aa06f0 3 bytes JMP 70f7000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077aa06f4 2 bytes JMP 70f7000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077aa0798 3 bytes JMP 70fd000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077aa079c 2 bytes JMP 70fd000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077aa07e0 3 bytes JMP 70f1000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077aa07e4 2 bytes JMP 70f1000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077aa0870 3 bytes JMP 70f4000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077aa0874 2 bytes JMP 70f4000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077aa0888 3 bytes JMP 70c7000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077aa088c 2 bytes JMP 70c7000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077aa08a0 3 bytes JMP 70be000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077aa08a4 2 bytes JMP 70be000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077aa0df0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077aa0df4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077aa0ed4 3 bytes JMP 70c4000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077aa0ed8 2 bytes JMP 70c4000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077aa1be0 3 bytes JMP 70d9000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077aa1be4 2 bytes JMP 70d9000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077aa1cb0 3 bytes JMP 70e8000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077aa1cb4 2 bytes JMP 70e8000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077aa1d88 3 bytes JMP 70e5000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077aa1d8c 2 bytes JMP 70e5000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077ac3b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076013b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076013b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000761af784 6 bytes JMP 719f000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000761b2c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 000000007543124e 6 bytes JMP 718d000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075f758b3 6 bytes JMP 7190000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075f75ea6 6 bytes JMP 718a000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075f77bcc 6 bytes JMP 7199000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075f7b895 6 bytes JMP 7181000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075f7c332 6 bytes JMP 7187000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075f7cbfb 6 bytes JMP 7193000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075f7e743 6 bytes JMP 7196000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075fa4857 6 bytes JMP 7184000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075898332 6 bytes JMP 716c000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075898bff 6 bytes JMP 7160000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000758990d3 6 bytes JMP 710c000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075899679 6 bytes JMP 715a000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000758997d2 6 bytes JMP 7154000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007589ee09 6 bytes JMP 7172000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007589efc9 3 bytes JMP 7112000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007589efcd 2 bytes JMP 7112000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758a12a5 6 bytes JMP 7166000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000758a291f 6 bytes JMP 712a000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!SetParent 00000000758a2d64 3 bytes JMP 7121000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!SetParent + 4 00000000758a2d68 2 bytes JMP 7121000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000758a2da4 6 bytes JMP 7109000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000758a3698 3 bytes JMP 711e000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000758a369c 2 bytes JMP 711e000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758a3baa 6 bytes JMP 7169000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 00000000758a3c61 6 bytes JMP 7163000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000758a6110 6 bytes JMP 716f000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000758a612e 6 bytes JMP 715d000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000758a6c30 6 bytes JMP 710f000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758a7603 6 bytes JMP 7175000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000758a7668 6 bytes JMP 7148000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000758a76e0 6 bytes JMP 714e000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000758a781f 6 bytes JMP 7157000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758a835c 6 bytes JMP 7178000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000758ac4b6 3 bytes JMP 711b000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 00000000758ac4ba 2 bytes JMP 711b000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 00000000758bc112 6 bytes JMP 7145000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 00000000758bd0f5 6 bytes JMP 7142000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000758beb96 6 bytes JMP 7127000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000758bec68 3 bytes JMP 712d000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000758bec6c 2 bytes JMP 712d000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!SendInput 00000000758bff4a 3 bytes JMP 7130000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000758bff4e 2 bytes JMP 7130000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000758d9f1d 6 bytes JMP 7115000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000758e1497 6 bytes JMP 7106000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758f027b 6 bytes JMP 717b000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758f02bf 6 bytes JMP 717e000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000758f6cfc 6 bytes JMP 7151000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000758f6d5d 6 bytes JMP 714b000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!BlockInput 00000000758f7dd7 3 bytes JMP 7118000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000758f7ddb 2 bytes JMP 7118000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000758f88eb 3 bytes JMP 7124000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000758f88ef 2 bytes JMP 7124000a .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076901401 2 bytes JMP 7602b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076901419 2 bytes JMP 7602b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076901431 2 bytes JMP 760a8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007690144a 2 bytes CALL 76004885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769014dd 2 bytes JMP 760a8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769014f5 2 bytes JMP 760a89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007690150d 2 bytes JMP 760a86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076901525 2 bytes JMP 760a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007690153d 2 bytes JMP 7601fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076901555 2 bytes JMP 760268bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007690156d 2 bytes JMP 760a8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076901585 2 bytes JMP 760a8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007690159d 2 bytes JMP 760a86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769015b5 2 bytes JMP 7601fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769015cd 2 bytes JMP 7602b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769016b2 2 bytes JMP 760a8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769016bd 2 bytes JMP 760a8651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x12dd64]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x55db70]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes {JMP QWORD [RIP+0x57a440]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xe7ca8]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0xc7668]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 4 bytes [FF, 25, FC, 6C] .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\system32\GDI32.dll!GetPixel + 5 000007feff389339 1 byte [00] .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x5b4648]} .text C:\Program Files\Bonjour\mDNSResponder.exe[3412] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes {JMP QWORD [RIP+0x593760]} .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a9f9dc 3 bytes JMP 71af000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077a9f9e0 2 bytes JMP 71af000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a9fb24 3 bytes JMP 70c6000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077a9fb28 2 bytes JMP 70c6000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a9fcac 3 bytes JMP 70e7000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077a9fcb0 2 bytes JMP 70e7000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a9fd60 3 bytes JMP 70d2000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077a9fd64 2 bytes JMP 70d2000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a9fdc4 3 bytes JMP 70d8000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077a9fdc8 2 bytes JMP 70d8000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077a9febc 3 bytes JMP 70cf000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077a9fec0 2 bytes JMP 70cf000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077a9ff70 3 bytes JMP 70ff000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077a9ff74 2 bytes JMP 70ff000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a9ffa0 3 bytes JMP 70db000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077a9ffa4 2 bytes JMP 70db000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077aa0000 3 bytes JMP 70f3000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077aa0004 2 bytes JMP 70f3000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077aa0080 3 bytes JMP 70f0000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077aa0084 2 bytes JMP 70f0000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077aa00b0 3 bytes JMP 70d5000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077aa00b4 2 bytes JMP 70d5000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077aa03b4 3 bytes JMP 70c0000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077aa03b8 2 bytes JMP 70c0000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077aa03cc 3 bytes JMP 7105000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077aa03d0 2 bytes JMP 7105000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa054c 3 bytes JMP 7108000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077aa0550 2 bytes JMP 7108000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077aa0690 3 bytes JMP 70e4000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077aa0694 2 bytes JMP 70e4000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077aa06f0 3 bytes JMP 70fc000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077aa06f4 2 bytes JMP 70fc000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077aa0798 3 bytes JMP 7102000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077aa079c 2 bytes JMP 7102000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077aa07e0 3 bytes JMP 70f6000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077aa07e4 2 bytes JMP 70f6000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077aa0870 3 bytes JMP 70f9000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077aa0874 2 bytes JMP 70f9000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077aa0888 3 bytes JMP 70cc000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077aa088c 2 bytes JMP 70cc000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077aa08a0 3 bytes JMP 70c3000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077aa08a4 2 bytes JMP 70c3000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077aa0df0 3 bytes JMP 70e1000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077aa0df4 2 bytes JMP 70e1000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077aa0ed4 3 bytes JMP 70c9000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077aa0ed8 2 bytes JMP 70c9000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077aa1be0 3 bytes JMP 70de000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077aa1be4 2 bytes JMP 70de000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077aa1cb0 3 bytes JMP 70ed000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077aa1cb4 2 bytes JMP 70ed000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077aa1d88 3 bytes JMP 70ea000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077aa1d8c 2 bytes JMP 00000000cc37e701 .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077ac3b9b 6 bytes JMP 71a8000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076013b93 3 bytes JMP 719c000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076013b97 2 bytes JMP 719c000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000761af784 6 bytes JMP 719f000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000761b2c9e 4 bytes CALL 71ac0000 .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075898332 6 bytes JMP 716c000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075898bff 6 bytes JMP 7160000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000758990d3 6 bytes JMP 7111000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075899679 6 bytes JMP 715a000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000758997d2 6 bytes JMP 714a000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007589ee09 6 bytes JMP 7172000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007589efc9 3 bytes JMP 7117000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007589efcd 2 bytes JMP 7117000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758a12a5 6 bytes JMP 7166000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000758a291f 6 bytes JMP 712f000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!SetParent 00000000758a2d64 3 bytes JMP 7126000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!SetParent + 4 00000000758a2d68 2 bytes JMP 7126000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000758a2da4 6 bytes JMP 710e000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000758a3698 3 bytes JMP 7123000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000758a369c 2 bytes JMP 7123000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758a3baa 6 bytes JMP 7169000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 00000000758a3c61 6 bytes JMP 7163000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000758a6110 6 bytes JMP 716f000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000758a612e 6 bytes JMP 715d000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000758a6c30 6 bytes JMP 7114000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758a7603 6 bytes JMP 7175000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000758a7668 6 bytes JMP 713e000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000758a76e0 6 bytes JMP 7144000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000758a781f 6 bytes JMP 714d000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758a835c 6 bytes JMP 7178000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000758ac4b6 3 bytes JMP 7120000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 00000000758ac4ba 2 bytes JMP 7120000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 00000000758bc112 6 bytes JMP 713b000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 00000000758bd0f5 6 bytes JMP 7138000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000758beb96 6 bytes JMP 712c000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000758bec68 3 bytes JMP 7132000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000758bec6c 2 bytes JMP 7132000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!SendInput 00000000758bff4a 3 bytes JMP 7135000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000758bff4e 2 bytes JMP 7135000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000758d9f1d 6 bytes JMP 711a000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000758e1497 6 bytes JMP 710b000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758f027b 6 bytes JMP 717b000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758f02bf 6 bytes JMP 717e000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000758f6cfc 6 bytes JMP 7147000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000758f6d5d 6 bytes JMP 7141000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!BlockInput 00000000758f7dd7 3 bytes JMP 711d000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000758f7ddb 2 bytes JMP 711d000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000758f88eb 3 bytes JMP 7129000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000758f88ef 2 bytes JMP 7129000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075f758b3 6 bytes JMP 7190000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075f75ea6 6 bytes JMP 718a000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075f77bcc 6 bytes JMP 7199000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075f7b895 6 bytes JMP 7181000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075f7c332 6 bytes JMP 7187000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075f7cbfb 6 bytes JMP 7193000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075f7e743 6 bytes JMP 7196000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075fa4857 6 bytes JMP 7184000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 000000007543124e 6 bytes JMP 718d000a .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076901401 2 bytes JMP 7602b1ef C:\Windows\syswow64\kernel32.dll .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076901419 2 bytes JMP 7602b31a C:\Windows\syswow64\kernel32.dll .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076901431 2 bytes JMP 760a8f09 C:\Windows\syswow64\kernel32.dll .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007690144a 2 bytes CALL 76004885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769014dd 2 bytes JMP 760a8802 C:\Windows\syswow64\kernel32.dll .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769014f5 2 bytes JMP 760a89d8 C:\Windows\syswow64\kernel32.dll .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007690150d 2 bytes JMP 760a86f8 C:\Windows\syswow64\kernel32.dll .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076901525 2 bytes JMP 760a8ac2 C:\Windows\syswow64\kernel32.dll .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007690153d 2 bytes JMP 7601fc78 C:\Windows\syswow64\kernel32.dll .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076901555 2 bytes JMP 760268bf C:\Windows\syswow64\kernel32.dll .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007690156d 2 bytes JMP 760a8fc1 C:\Windows\syswow64\kernel32.dll .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076901585 2 bytes JMP 760a8b22 C:\Windows\syswow64\kernel32.dll .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007690159d 2 bytes JMP 760a86bc C:\Windows\syswow64\kernel32.dll .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769015b5 2 bytes JMP 7601fd11 C:\Windows\syswow64\kernel32.dll .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769015cd 2 bytes JMP 7602b2b0 C:\Windows\syswow64\kernel32.dll .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769016b2 2 bytes JMP 760a8e84 C:\Windows\syswow64\kernel32.dll .text G:\Logitech Mouse\SetPoint\x86\SetPoint32.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769016bd 2 bytes JMP 760a8651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x13db70]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes JMP ffffffff .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x554648]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[3520] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes {JMP QWORD [RIP+0x383760]} .text C:\Windows\system32\IProsetMonitor.exe[3560] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Windows\system32\IProsetMonitor.exe[3560] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\IProsetMonitor.exe[3560] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\IProsetMonitor.exe[3560] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text C:\Windows\system32\IProsetMonitor.exe[3560] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x13db70]} .text C:\Windows\system32\IProsetMonitor.exe[3560] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes JMP 0 .text C:\Windows\system32\IProsetMonitor.exe[3560] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text C:\Windows\system32\IProsetMonitor.exe[3560] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Windows\system32\IProsetMonitor.exe[3560] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text C:\Windows\system32\IProsetMonitor.exe[3560] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x554648]} .text C:\Windows\system32\IProsetMonitor.exe[3560] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes JMP 0 .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x13db70]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes {JMP QWORD [RIP+0x15a440]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x194648]} .text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[3660] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes JMP 15a81 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a9f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077a9f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a9fb24 3 bytes JMP 70bd000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077a9fb28 2 bytes JMP 70bd000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a9fcac 3 bytes JMP 70de000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077a9fcb0 2 bytes JMP 70de000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a9fd60 3 bytes JMP 70c9000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077a9fd64 2 bytes JMP 70c9000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a9fdc4 3 bytes JMP 70cf000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077a9fdc8 2 bytes JMP 70cf000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077a9febc 3 bytes JMP 70c6000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077a9fec0 2 bytes JMP 70c6000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077a9ff70 3 bytes JMP 70f6000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077a9ff74 2 bytes JMP 70f6000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a9ffa0 3 bytes JMP 70d2000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077a9ffa4 2 bytes JMP 70d2000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077aa0000 3 bytes JMP 70ea000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077aa0004 2 bytes JMP 00000000cc37c979 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077aa0080 3 bytes JMP 70e7000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077aa0084 2 bytes JMP 70e7000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077aa00b0 3 bytes JMP 70cc000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077aa00b4 2 bytes JMP 70cc000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077aa03b4 3 bytes JMP 70b7000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077aa03b8 2 bytes JMP 70b7000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077aa03cc 3 bytes JMP 70fc000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077aa03d0 2 bytes JMP 70fc000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa054c 3 bytes JMP 70ff000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077aa0550 2 bytes JMP 70ff000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077aa0690 3 bytes JMP 70db000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077aa0694 2 bytes JMP 70db000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077aa06f0 3 bytes JMP 70f3000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077aa06f4 2 bytes JMP 70f3000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077aa0798 3 bytes JMP 70f9000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077aa079c 2 bytes JMP 70f9000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077aa07e0 3 bytes JMP 70ed000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077aa07e4 2 bytes JMP 70ed000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077aa0870 3 bytes JMP 70f0000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077aa0874 2 bytes JMP 70f0000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077aa0888 3 bytes JMP 70c3000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077aa088c 2 bytes JMP 70c3000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077aa08a0 3 bytes JMP 70ba000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077aa08a4 2 bytes JMP 70ba000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077aa0df0 3 bytes JMP 70d8000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077aa0df4 2 bytes JMP 70d8000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077aa0ed4 3 bytes JMP 70c0000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077aa0ed8 2 bytes JMP 70c0000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077aa1be0 3 bytes JMP 70d5000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077aa1be4 2 bytes JMP 70d5000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077aa1cb0 3 bytes JMP 70e4000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077aa1cb4 2 bytes JMP 70e4000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077aa1d88 3 bytes JMP 70e1000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077aa1d8c 2 bytes JMP 70e1000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077ac3b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076013b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076013b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000761af784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000761b2c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 000000007543124e 6 bytes JMP 718d000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075f758b3 6 bytes JMP 7190000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075f75ea6 6 bytes JMP 718a000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075f77bcc 6 bytes JMP 7199000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075f7b895 6 bytes JMP 7181000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075f7c332 6 bytes JMP 7187000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075f7cbfb 6 bytes JMP 7193000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075f7e743 6 bytes JMP 7196000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075fa4857 6 bytes JMP 7184000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075898332 6 bytes JMP 716c000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075898bff 6 bytes JMP 714d000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000758990d3 6 bytes JMP 7108000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075899679 6 bytes JMP 7147000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000758997d2 6 bytes JMP 7141000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007589ee09 6 bytes JMP 7172000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007589efc9 3 bytes JMP 710e000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007589efcd 2 bytes JMP 710e000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758a12a5 6 bytes JMP 7166000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000758a291f 6 bytes JMP 7126000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!SetParent 00000000758a2d64 3 bytes JMP 711d000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!SetParent + 4 00000000758a2d68 2 bytes JMP 711d000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000758a2da4 6 bytes JMP 7105000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000758a3698 3 bytes JMP 711a000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000758a369c 2 bytes JMP 711a000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758a3baa 6 bytes JMP 7169000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 00000000758a3c61 6 bytes JMP 7163000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000758a6110 6 bytes JMP 716f000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000758a612e 6 bytes JMP 714a000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000758a6c30 6 bytes JMP 710b000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758a7603 6 bytes JMP 7175000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000758a7668 6 bytes JMP 7135000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000758a76e0 6 bytes JMP 713b000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000758a781f 6 bytes JMP 7144000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758a835c 6 bytes JMP 7178000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000758ac4b6 3 bytes JMP 7117000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 00000000758ac4ba 2 bytes JMP 7117000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 00000000758bc112 6 bytes JMP 7132000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 00000000758bd0f5 6 bytes JMP 712f000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000758beb96 6 bytes JMP 7123000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000758bec68 3 bytes JMP 7129000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000758bec6c 2 bytes JMP 7129000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!SendInput 00000000758bff4a 3 bytes JMP 712c000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000758bff4e 2 bytes JMP 712c000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000758d9f1d 6 bytes JMP 7111000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000758e1497 6 bytes JMP 7102000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758f027b 6 bytes JMP 717b000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758f02bf 6 bytes JMP 717e000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000758f6cfc 6 bytes JMP 713e000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000758f6d5d 6 bytes JMP 7138000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!BlockInput 00000000758f7dd7 3 bytes JMP 7114000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000758f7ddb 2 bytes JMP 7114000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000758f88eb 3 bytes JMP 7120000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000758f88ef 2 bytes JMP 7120000a .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076901401 2 bytes JMP 7602b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076901419 2 bytes JMP 7602b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076901431 2 bytes JMP 760a8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007690144a 2 bytes CALL 76004885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769014dd 2 bytes JMP 760a8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769014f5 2 bytes JMP 760a89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007690150d 2 bytes JMP 760a86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076901525 2 bytes JMP 760a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007690153d 2 bytes JMP 7601fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076901555 2 bytes JMP 760268bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007690156d 2 bytes JMP 760a8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076901585 2 bytes JMP 760a8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007690159d 2 bytes JMP 760a86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769015b5 2 bytes JMP 7601fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769015cd 2 bytes JMP 7602b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769016b2 2 bytes JMP 760a8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769016bd 2 bytes JMP 760a8651 C:\Windows\syswow64\kernel32.dll .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x13db70]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes {JMP QWORD [RIP+0x15a440]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x194648]} .text G:\Nitro\NitroPDFDriverService9x64.exe[3776] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes {JMP QWORD [RIP+0x173760]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 23] .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 1E] .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x13db70]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes {JMP QWORD [RIP+0x36a440]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes JMP 720065 .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x824648]} .text G:\Nitro\Nitro_UpdateService.exe[3808] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes {JMP QWORD [RIP+0x383760]} .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a9f9dc 3 bytes JMP 71af000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077a9f9e0 2 bytes JMP 71af000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a9fb24 3 bytes JMP 70d0000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077a9fb28 2 bytes JMP 70d0000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a9fcac 3 bytes JMP 70f1000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077a9fcb0 2 bytes JMP 70f1000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a9fd60 3 bytes JMP 70dc000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077a9fd64 2 bytes JMP 70dc000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a9fdc4 3 bytes JMP 70e2000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077a9fdc8 2 bytes JMP 70e2000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077a9febc 3 bytes JMP 70d9000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077a9fec0 2 bytes JMP 70d9000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077a9ff70 3 bytes JMP 7109000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077a9ff74 2 bytes JMP 7109000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a9ffa0 3 bytes JMP 70e5000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077a9ffa4 2 bytes JMP 70e5000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077aa0000 3 bytes JMP 70fd000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077aa0004 2 bytes JMP 70fd000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077aa0080 3 bytes JMP 70fa000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077aa0084 2 bytes JMP 70fa000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077aa00b0 3 bytes JMP 70df000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077aa00b4 2 bytes JMP 70df000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077aa03b4 3 bytes JMP 70ca000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077aa03b8 2 bytes JMP 70ca000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077aa03cc 3 bytes JMP 710f000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077aa03d0 2 bytes JMP 710f000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa054c 3 bytes JMP 7112000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077aa0550 2 bytes JMP 7112000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077aa0690 3 bytes JMP 70ee000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077aa0694 2 bytes JMP 70ee000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077aa06f0 3 bytes JMP 7106000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077aa06f4 2 bytes JMP 7106000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077aa0798 3 bytes JMP 710c000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077aa079c 2 bytes JMP 710c000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077aa07e0 3 bytes JMP 7100000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077aa07e4 2 bytes JMP 7100000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077aa0870 3 bytes JMP 7103000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077aa0874 2 bytes JMP 7103000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077aa0888 3 bytes JMP 70d6000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077aa088c 2 bytes JMP 70d6000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077aa08a0 3 bytes JMP 70cd000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077aa08a4 2 bytes JMP 70cd000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077aa0df0 3 bytes JMP 70eb000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077aa0df4 2 bytes JMP 70eb000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077aa0ed4 3 bytes JMP 70d3000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077aa0ed8 2 bytes JMP 70d3000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077aa1be0 3 bytes JMP 70e8000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077aa1be4 2 bytes JMP 70e8000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077aa1cb0 3 bytes JMP 70f7000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077aa1cb4 2 bytes JMP 70f7000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077aa1d88 3 bytes JMP 70f4000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077aa1d8c 2 bytes JMP 70f4000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077ac3b9b 6 bytes JMP 71a8000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076013b93 3 bytes JMP 719c000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076013b97 2 bytes JMP 719c000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000761af784 6 bytes JMP 719f000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000761b2c9e 4 bytes CALL 71ac0000 .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 000000007543124e 6 bytes JMP 718d000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075898332 6 bytes JMP 716c000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075898bff 6 bytes JMP 7160000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000758990d3 6 bytes JMP 711b000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075899679 6 bytes JMP 715a000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000758997d2 6 bytes JMP 7154000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007589ee09 6 bytes JMP 7172000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007589efc9 3 bytes JMP 7121000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007589efcd 2 bytes JMP 7121000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758a12a5 6 bytes JMP 7166000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000758a291f 6 bytes JMP 7139000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!SetParent 00000000758a2d64 3 bytes JMP 7130000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!SetParent + 4 00000000758a2d68 2 bytes JMP 7130000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000758a2da4 6 bytes JMP 7118000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000758a3698 3 bytes JMP 712d000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000758a369c 2 bytes JMP 712d000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758a3baa 6 bytes JMP 7169000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 00000000758a3c61 6 bytes JMP 7163000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000758a6110 6 bytes JMP 716f000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000758a612e 6 bytes JMP 715d000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000758a6c30 6 bytes JMP 711e000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758a7603 6 bytes JMP 7175000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000758a7668 6 bytes JMP 7148000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000758a76e0 6 bytes JMP 714e000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000758a781f 6 bytes JMP 7157000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758a835c 6 bytes JMP 7178000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000758ac4b6 3 bytes JMP 712a000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 00000000758ac4ba 2 bytes JMP 712a000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 00000000758bc112 6 bytes JMP 7145000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 00000000758bd0f5 6 bytes JMP 7142000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000758beb96 6 bytes JMP 7136000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000758bec68 3 bytes JMP 713c000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000758bec6c 2 bytes JMP 713c000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!SendInput 00000000758bff4a 3 bytes JMP 713f000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000758bff4e 2 bytes JMP 713f000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000758d9f1d 6 bytes JMP 7124000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000758e1497 6 bytes JMP 7115000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758f027b 6 bytes JMP 717b000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758f02bf 6 bytes JMP 717e000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000758f6cfc 6 bytes JMP 7151000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000758f6d5d 6 bytes JMP 714b000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!BlockInput 00000000758f7dd7 3 bytes JMP 7127000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000758f7ddb 2 bytes JMP 7127000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000758f88eb 3 bytes JMP 7133000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000758f88ef 2 bytes JMP 7133000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075f758b3 6 bytes JMP 7190000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075f75ea6 6 bytes JMP 718a000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075f77bcc 6 bytes JMP 7199000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075f7b895 6 bytes JMP 7181000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075f7c332 6 bytes JMP 7187000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075f7cbfb 6 bytes JMP 7193000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075f7e743 6 bytes JMP 7196000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075fa4857 6 bytes JMP 7184000a .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076901401 2 bytes JMP 7602b1ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076901419 2 bytes JMP 7602b31a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076901431 2 bytes JMP 760a8f09 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007690144a 2 bytes CALL 76004885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769014dd 2 bytes JMP 760a8802 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769014f5 2 bytes JMP 760a89d8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007690150d 2 bytes JMP 760a86f8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076901525 2 bytes JMP 760a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007690153d 2 bytes JMP 7601fc78 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076901555 2 bytes JMP 760268bf C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007690156d 2 bytes JMP 760a8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076901585 2 bytes JMP 760a8b22 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007690159d 2 bytes JMP 760a86bc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769015b5 2 bytes JMP 7601fd11 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769015cd 2 bytes JMP 7602b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769016b2 2 bytes JMP 760a8e84 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\NLSSRV32.EXE[3932] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769016bd 2 bytes JMP 760a8651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a9f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077a9f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a9fb24 3 bytes JMP 70d0000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077a9fb28 2 bytes JMP 70d0000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a9fcac 3 bytes JMP 70f1000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077a9fcb0 2 bytes JMP 70f1000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a9fd60 3 bytes JMP 70dc000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077a9fd64 2 bytes JMP 70dc000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a9fdc4 3 bytes JMP 70e2000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077a9fdc8 2 bytes JMP 70e2000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077a9febc 3 bytes JMP 70d9000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077a9fec0 2 bytes JMP 70d9000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077a9ff70 3 bytes JMP 7109000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077a9ff74 2 bytes JMP 7109000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a9ffa0 3 bytes JMP 70e5000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077a9ffa4 2 bytes JMP 70e5000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077aa0000 3 bytes JMP 70fd000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077aa0004 2 bytes JMP 70fd000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077aa0080 3 bytes JMP 70fa000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077aa0084 2 bytes JMP 70fa000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077aa00b0 3 bytes JMP 70df000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077aa00b4 2 bytes JMP 70df000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077aa03b4 3 bytes JMP 70ca000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077aa03b8 2 bytes JMP 70ca000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077aa03cc 3 bytes JMP 710f000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077aa03d0 2 bytes JMP 710f000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa054c 3 bytes JMP 7112000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077aa0550 2 bytes JMP 7112000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077aa0690 3 bytes JMP 70ee000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077aa0694 2 bytes JMP 70ee000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077aa06f0 3 bytes JMP 7106000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077aa06f4 2 bytes JMP 7106000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077aa0798 3 bytes JMP 710c000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077aa079c 2 bytes JMP 710c000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077aa07e0 3 bytes JMP 7100000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077aa07e4 2 bytes JMP 7100000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077aa0870 3 bytes JMP 7103000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077aa0874 2 bytes JMP 7103000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077aa0888 3 bytes JMP 70d6000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077aa088c 2 bytes JMP 70d6000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077aa08a0 3 bytes JMP 70cd000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077aa08a4 2 bytes JMP 70cd000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077aa0df0 3 bytes JMP 70eb000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077aa0df4 2 bytes JMP 70eb000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077aa0ed4 3 bytes JMP 70d3000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077aa0ed8 2 bytes JMP 70d3000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077aa1be0 3 bytes JMP 70e8000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077aa1be4 2 bytes JMP 70e8000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077aa1cb0 3 bytes JMP 70f7000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077aa1cb4 2 bytes JMP 70f7000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077aa1d88 3 bytes JMP 70f4000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077aa1d8c 2 bytes JMP 70f4000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077ac3b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076013b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076013b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000761af784 6 bytes JMP 719f000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000761b2c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 000000007543124e 6 bytes JMP 718d000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075898332 6 bytes JMP 716c000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075898bff 6 bytes JMP 7160000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000758990d3 6 bytes JMP 711b000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075899679 6 bytes JMP 715a000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000758997d2 6 bytes JMP 7154000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007589ee09 6 bytes JMP 7172000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007589efc9 3 bytes JMP 7121000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007589efcd 2 bytes JMP 7121000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758a12a5 6 bytes JMP 7166000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000758a291f 6 bytes JMP 7139000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!SetParent 00000000758a2d64 3 bytes JMP 7130000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!SetParent + 4 00000000758a2d68 2 bytes JMP 7130000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000758a2da4 6 bytes JMP 7118000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000758a3698 3 bytes JMP 712d000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000758a369c 2 bytes JMP 712d000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758a3baa 6 bytes JMP 7169000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 00000000758a3c61 6 bytes JMP 7163000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000758a6110 6 bytes JMP 716f000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000758a612e 6 bytes JMP 715d000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000758a6c30 6 bytes JMP 711e000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758a7603 6 bytes JMP 7175000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000758a7668 6 bytes JMP 7148000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000758a76e0 6 bytes JMP 714e000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000758a781f 6 bytes JMP 7157000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758a835c 6 bytes JMP 7178000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000758ac4b6 3 bytes JMP 712a000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 00000000758ac4ba 2 bytes JMP 712a000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 00000000758bc112 6 bytes JMP 7145000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 00000000758bd0f5 6 bytes JMP 7142000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000758beb96 6 bytes JMP 7136000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000758bec68 3 bytes JMP 713c000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000758bec6c 2 bytes JMP 713c000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!SendInput 00000000758bff4a 3 bytes JMP 713f000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000758bff4e 2 bytes JMP 713f000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000758d9f1d 6 bytes JMP 7124000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000758e1497 6 bytes JMP 7115000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758f027b 6 bytes JMP 717b000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758f02bf 6 bytes JMP 717e000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000758f6cfc 6 bytes JMP 7151000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000758f6d5d 6 bytes JMP 714b000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!BlockInput 00000000758f7dd7 3 bytes JMP 7127000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000758f7ddb 2 bytes JMP 7127000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000758f88eb 3 bytes JMP 7133000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000758f88ef 2 bytes JMP 7133000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075f758b3 6 bytes JMP 7190000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075f75ea6 6 bytes JMP 718a000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075f77bcc 6 bytes JMP 7199000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075f7b895 6 bytes JMP 7181000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075f7c332 6 bytes JMP 7187000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075f7cbfb 6 bytes JMP 7193000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075f7e743 6 bytes JMP 7196000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075fa4857 6 bytes JMP 7184000a .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076901401 2 bytes JMP 7602b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076901419 2 bytes JMP 7602b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076901431 2 bytes JMP 760a8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007690144a 2 bytes CALL 76004885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769014dd 2 bytes JMP 760a8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769014f5 2 bytes JMP 760a89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007690150d 2 bytes JMP 760a86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076901525 2 bytes JMP 760a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007690153d 2 bytes JMP 7601fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076901555 2 bytes JMP 760268bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007690156d 2 bytes JMP 760a8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076901585 2 bytes JMP 760a8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007690159d 2 bytes JMP 760a86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769015b5 2 bytes JMP 7601fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769015cd 2 bytes JMP 7602b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769016b2 2 bytes JMP 760a8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769016bd 2 bytes JMP 760a8651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a9f9dc 3 bytes JMP 71af000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077a9f9e0 2 bytes JMP 71af000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a9fb24 3 bytes JMP 70cf000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077a9fb28 2 bytes JMP 70cf000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a9fcac 3 bytes JMP 70f0000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077a9fcb0 2 bytes JMP 70f0000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a9fd60 3 bytes JMP 70db000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077a9fd64 2 bytes JMP 70db000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a9fdc4 3 bytes JMP 70e1000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077a9fdc8 2 bytes JMP 70e1000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077a9febc 3 bytes JMP 70d8000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077a9fec0 2 bytes JMP 70d8000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077a9ff70 3 bytes JMP 7108000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077a9ff74 2 bytes JMP 7108000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a9ffa0 3 bytes JMP 70e4000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077a9ffa4 2 bytes JMP 70e4000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077aa0000 3 bytes JMP 70fc000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077aa0004 2 bytes JMP 70fc000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077aa0080 3 bytes JMP 70f9000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077aa0084 2 bytes JMP 70f9000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077aa00b0 3 bytes JMP 70de000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077aa00b4 2 bytes JMP 70de000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077aa03b4 3 bytes JMP 70c9000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077aa03b8 2 bytes JMP 70c9000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077aa03cc 3 bytes JMP 710e000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077aa03d0 2 bytes JMP 710e000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa054c 3 bytes JMP 7111000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077aa0550 2 bytes JMP 7111000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077aa0690 3 bytes JMP 70ed000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077aa0694 2 bytes JMP 70ed000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077aa06f0 3 bytes JMP 7105000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077aa06f4 2 bytes JMP 7105000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077aa0798 3 bytes JMP 710b000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077aa079c 2 bytes JMP 710b000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077aa07e0 3 bytes JMP 70ff000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077aa07e4 2 bytes JMP 70ff000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077aa0870 3 bytes JMP 7102000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077aa0874 2 bytes JMP 7102000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077aa0888 3 bytes JMP 70d5000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077aa088c 2 bytes JMP 70d5000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077aa08a0 3 bytes JMP 70cc000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077aa08a4 2 bytes JMP 70cc000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077aa0df0 3 bytes JMP 70ea000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077aa0df4 2 bytes JMP 00000000cc37d769 .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077aa0ed4 3 bytes JMP 70d2000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077aa0ed8 2 bytes JMP 70d2000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077aa1be0 3 bytes JMP 70e7000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077aa1be4 2 bytes JMP 70e7000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077aa1cb0 3 bytes JMP 70f6000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077aa1cb4 2 bytes JMP 70f6000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077aa1d88 3 bytes JMP 70f3000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077aa1d8c 2 bytes JMP 70f3000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077ac3b9b 6 bytes JMP 71a8000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076013b93 3 bytes JMP 719c000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076013b97 2 bytes JMP 719c000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\kernel32.dll!UnhandledExceptionFilter 00000000760276c7 5 bytes JMP 0000000101d907d0 .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000761af784 6 bytes JMP 719f000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000761b2c9e 4 bytes CALL 71ac0000 .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075898332 6 bytes JMP 716c000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075898bff 6 bytes JMP 7160000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000758990d3 6 bytes JMP 711a000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075899679 6 bytes JMP 715a000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000758997d2 6 bytes JMP 7154000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007589ee09 6 bytes JMP 7172000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007589efc9 3 bytes JMP 7120000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007589efcd 2 bytes JMP 7120000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758a12a5 6 bytes JMP 7166000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000758a291f 6 bytes JMP 7138000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!SetParent 00000000758a2d64 3 bytes JMP 712f000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!SetParent + 4 00000000758a2d68 2 bytes JMP 712f000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000758a2da4 6 bytes JMP 7117000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000758a3698 3 bytes JMP 712c000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000758a369c 2 bytes JMP 712c000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758a3baa 6 bytes JMP 7169000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 00000000758a3c61 6 bytes JMP 7163000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000758a6110 6 bytes JMP 716f000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000758a612e 6 bytes JMP 715d000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000758a6c30 6 bytes JMP 711d000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758a7603 6 bytes JMP 7175000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000758a7668 6 bytes JMP 7148000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000758a76e0 6 bytes JMP 714e000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000758a781f 6 bytes JMP 7157000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758a835c 6 bytes JMP 7178000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000758ac4b6 3 bytes JMP 7129000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 00000000758ac4ba 2 bytes JMP 7129000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 00000000758bc112 6 bytes JMP 7145000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 00000000758bd0f5 6 bytes JMP 7141000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000758beb96 6 bytes JMP 7135000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000758bec68 3 bytes JMP 713b000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000758bec6c 2 bytes JMP 713b000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!SendInput 00000000758bff4a 3 bytes JMP 713e000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000758bff4e 2 bytes JMP 713e000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000758d9f1d 6 bytes JMP 7123000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000758e1497 6 bytes JMP 7114000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758f027b 6 bytes JMP 717b000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758f02bf 6 bytes JMP 717e000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000758f6cfc 6 bytes JMP 7151000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000758f6d5d 6 bytes JMP 714b000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!BlockInput 00000000758f7dd7 3 bytes JMP 7126000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000758f7ddb 2 bytes JMP 7126000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000758f88eb 3 bytes JMP 7132000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000758f88ef 2 bytes JMP 7132000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075f758b3 6 bytes JMP 7190000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075f75ea6 6 bytes JMP 718a000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075f77bcc 6 bytes JMP 7199000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075f7b895 6 bytes JMP 7181000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075f7c332 6 bytes JMP 7187000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075f7cbfb 6 bytes JMP 7193000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075f7e743 6 bytes JMP 7196000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075fa4857 6 bytes JMP 7184000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 000000007543124e 6 bytes JMP 718d000a .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076901401 2 bytes JMP 7602b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076901419 2 bytes JMP 7602b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076901431 2 bytes JMP 760a8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007690144a 2 bytes CALL 76004885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769014dd 2 bytes JMP 760a8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769014f5 2 bytes JMP 760a89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007690150d 2 bytes JMP 760a86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076901525 2 bytes JMP 760a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007690153d 2 bytes JMP 7601fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076901555 2 bytes JMP 760268bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007690156d 2 bytes JMP 760a8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076901585 2 bytes JMP 760a8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007690159d 2 bytes JMP 760a86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769015b5 2 bytes JMP 7601fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769015cd 2 bytes JMP 7602b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769016b2 2 bytes JMP 760a8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Bitdefender Agent\ProductAgentService.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769016bd 2 bytes JMP 760a8651 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\svchost.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\svchost.exe[3212] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\svchost.exe[3212] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x13db70]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes {JMP QWORD [RIP+0x15a440]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x194648]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes {JMP QWORD [RIP+0x173760]} .text C:\Windows\system32\svchost.exe[3212] C:\Windows\system32\SSPICLI.DLL!EncryptMessage 000007fefd4650a0 6 bytes {JMP QWORD [RIP+0x4af90]} .text C:\Windows\system32\svchost.exe[2588] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Windows\system32\svchost.exe[2588] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\svchost.exe[2588] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\svchost.exe[2588] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text C:\Windows\system32\svchost.exe[2588] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes JMP 4d0044 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text C:\Windows\system32\svchost.exe[2588] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Windows\system32\svchost.exe[2588] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes JMP 8fa7 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[2588] C:\Windows\system32\SSPICLI.DLL!EncryptMessage 000007fefd4650a0 6 bytes {JMP QWORD [RIP+0x4af90]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\system32\kernel32.dll!UnhandledExceptionFilter + 1 000000007781b861 11 bytes [B8, F0, 12, B7, 01, 00, 00, ...] .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x13db70]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes {JMP QWORD [RIP+0x15a440]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x194648]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes {JMP QWORD [RIP+0x173760]} .text C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[2996] C:\Windows\system32\SSPICLI.DLL!EncryptMessage 000007fefd4650a0 6 bytes {JMP QWORD [RIP+0x4af90]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes JMP 0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes CALL 0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x12dd64]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x55db70]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes {JMP QWORD [RIP+0x57a440]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xe7ca8]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0xc7668]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 4 bytes [FF, 25, FC, 6C] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\system32\GDI32.dll!GetPixel + 5 000007feff389339 1 byte [00] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x5b4648]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes {JMP QWORD [RIP+0x593760]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] C:\Windows\system32\SspiCli.dll!EncryptMessage 000007fefd4650a0 6 bytes {JMP QWORD [RIP+0xbaf90]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4060] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4060] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4060] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4060] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4060] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x13db70]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4060] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes {JMP QWORD [RIP+0x15a440]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4060] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4060] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4060] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4060] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x194648]} .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4060] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes {JMP QWORD [RIP+0x173760]} .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a9f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077a9f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a9fb24 3 bytes JMP 70d0000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077a9fb28 2 bytes JMP 70d0000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a9fcac 3 bytes JMP 70f1000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077a9fcb0 2 bytes JMP 70f1000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a9fd60 3 bytes JMP 70dc000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077a9fd64 2 bytes JMP 70dc000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a9fdc4 3 bytes JMP 70e2000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077a9fdc8 2 bytes JMP 70e2000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077a9febc 3 bytes JMP 70d9000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077a9fec0 2 bytes JMP 70d9000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077a9ff70 3 bytes JMP 7109000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077a9ff74 2 bytes JMP 7109000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a9ffa0 3 bytes JMP 70e5000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077a9ffa4 2 bytes JMP 70e5000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077aa0000 3 bytes JMP 70fd000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077aa0004 2 bytes JMP 70fd000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077aa0080 3 bytes JMP 70fa000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077aa0084 2 bytes JMP 70fa000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077aa00b0 3 bytes JMP 70df000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077aa00b4 2 bytes JMP 70df000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077aa03b4 3 bytes JMP 70ca000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077aa03b8 2 bytes JMP 70ca000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077aa03cc 3 bytes JMP 710f000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077aa03d0 2 bytes JMP 710f000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa054c 3 bytes JMP 7112000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077aa0550 2 bytes JMP 7112000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077aa0690 3 bytes JMP 70ee000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077aa0694 2 bytes JMP 70ee000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077aa06f0 3 bytes JMP 7106000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077aa06f4 2 bytes JMP 7106000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077aa0798 3 bytes JMP 710c000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077aa079c 2 bytes JMP 710c000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077aa07e0 3 bytes JMP 7100000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077aa07e4 2 bytes JMP 7100000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077aa0870 3 bytes JMP 7103000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077aa0874 2 bytes JMP 7103000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077aa0888 3 bytes JMP 70d6000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077aa088c 2 bytes JMP 70d6000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077aa08a0 3 bytes JMP 70cd000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077aa08a4 2 bytes JMP 70cd000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077aa0df0 3 bytes JMP 70eb000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077aa0df4 2 bytes JMP 70eb000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077aa0ed4 3 bytes JMP 70d3000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077aa0ed8 2 bytes JMP 70d3000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077aa1be0 3 bytes JMP 70e8000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077aa1be4 2 bytes JMP 70e8000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077aa1cb0 3 bytes JMP 70f7000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077aa1cb4 2 bytes JMP 70f7000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077aa1d88 3 bytes JMP 70f4000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077aa1d8c 2 bytes JMP 70f4000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077ac3b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076013b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076013b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000761af784 6 bytes JMP 719f000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000761b2c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 000000007543124e 6 bytes JMP 718d000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075f758b3 6 bytes JMP 7190000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075f75ea6 6 bytes JMP 718a000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075f77bcc 6 bytes JMP 7199000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075f7b895 6 bytes JMP 7181000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075f7c332 6 bytes JMP 7187000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075f7cbfb 6 bytes JMP 7193000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075f7e743 6 bytes JMP 7196000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075fa4857 6 bytes JMP 7184000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075898332 6 bytes JMP 716c000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075898bff 6 bytes JMP 7160000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000758990d3 6 bytes JMP 711b000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075899679 6 bytes JMP 715a000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000758997d2 6 bytes JMP 7154000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007589ee09 6 bytes JMP 7172000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007589efc9 3 bytes JMP 7121000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007589efcd 2 bytes JMP 7121000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758a12a5 6 bytes JMP 7166000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000758a291f 6 bytes JMP 7139000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!SetParent 00000000758a2d64 3 bytes JMP 7130000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!SetParent + 4 00000000758a2d68 2 bytes JMP 7130000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000758a2da4 6 bytes JMP 7118000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000758a3698 3 bytes JMP 712d000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000758a369c 2 bytes JMP 712d000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758a3baa 6 bytes JMP 7169000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 00000000758a3c61 6 bytes JMP 7163000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000758a6110 6 bytes JMP 716f000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000758a612e 6 bytes JMP 715d000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000758a6c30 6 bytes JMP 711e000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758a7603 6 bytes JMP 7175000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000758a7668 6 bytes JMP 7148000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000758a76e0 6 bytes JMP 714e000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000758a781f 6 bytes JMP 7157000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758a835c 6 bytes JMP 7178000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000758ac4b6 3 bytes JMP 712a000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 00000000758ac4ba 2 bytes JMP 712a000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 00000000758bc112 6 bytes JMP 7145000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 00000000758bd0f5 6 bytes JMP 7142000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000758beb96 6 bytes JMP 7136000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000758bec68 3 bytes JMP 713c000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000758bec6c 2 bytes JMP 713c000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!SendInput 00000000758bff4a 3 bytes JMP 713f000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000758bff4e 2 bytes JMP 713f000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000758d9f1d 6 bytes JMP 7124000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000758e1497 6 bytes JMP 7115000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758f027b 6 bytes JMP 717b000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758f02bf 6 bytes JMP 717e000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000758f6cfc 6 bytes JMP 7151000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000758f6d5d 6 bytes JMP 714b000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!BlockInput 00000000758f7dd7 3 bytes JMP 7127000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000758f7ddb 2 bytes JMP 7127000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000758f88eb 3 bytes JMP 7133000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000758f88ef 2 bytes JMP 7133000a .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076901401 2 bytes JMP 7602b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076901419 2 bytes JMP 7602b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076901431 2 bytes JMP 760a8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007690144a 2 bytes CALL 76004885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769014dd 2 bytes JMP 760a8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769014f5 2 bytes JMP 760a89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007690150d 2 bytes JMP 760a86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076901525 2 bytes JMP 760a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007690153d 2 bytes JMP 7601fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076901555 2 bytes JMP 760268bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007690156d 2 bytes JMP 760a8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076901585 2 bytes JMP 760a8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007690159d 2 bytes JMP 760a86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769015b5 2 bytes JMP 7601fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769015cd 2 bytes JMP 7602b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769016b2 2 bytes JMP 760a8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769016bd 2 bytes JMP 760a8651 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\SearchIndexer.exe[4584] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes JMP 0 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x55db70]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes {JMP QWORD [RIP+0x57a440]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xe7ca8]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0xc7668]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 4 bytes [FF, 25, FC, 6C] .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\system32\GDI32.dll!GetPixel + 5 000007feff389339 1 byte [00] .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x5b4648]} .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[4628] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes {JMP QWORD [RIP+0x593760]} .text C:\Windows\system32\svchost.exe[4452] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Windows\system32\svchost.exe[4452] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\svchost.exe[4452] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\svchost.exe[4452] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text C:\Windows\system32\svchost.exe[4452] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x13db70]} .text C:\Windows\system32\svchost.exe[4452] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes {JMP QWORD [RIP+0x15a440]} .text C:\Windows\system32\svchost.exe[4452] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text C:\Windows\system32\svchost.exe[4452] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Windows\system32\svchost.exe[4452] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text C:\Windows\system32\svchost.exe[4452] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[4452] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes {JMP QWORD [RIP+0x173760]} .text C:\Windows\system32\svchost.exe[4452] C:\Windows\system32\SSPICLI.DLL!EncryptMessage 000007fefd4650a0 6 bytes {JMP QWORD [RIP+0x4af90]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\System32\svchost.exe[6076] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Windows\System32\svchost.exe[6076] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x13db70]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes {JMP QWORD [RIP+0x15a440]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x194648]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes {JMP QWORD [RIP+0x173760]} .text C:\Windows\System32\svchost.exe[6076] C:\Windows\System32\SSPICLI.DLL!EncryptMessage 000007fefd4650a0 6 bytes {JMP QWORD [RIP+0x4af90]} .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a9f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077a9f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a9fb24 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077a9fb28 2 bytes [C6, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a9fcac 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077a9fcb0 2 bytes [E7, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a9fd60 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077a9fd64 2 bytes [D2, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a9fdc4 3 bytes JMP 70d9000a .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077a9fdc8 2 bytes JMP 70d9000a .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077a9febc 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077a9fec0 2 bytes [CF, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077a9ff70 3 bytes JMP 7100000a .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077a9ff74 2 bytes JMP 7100000a .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a9ffa0 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077a9ffa4 2 bytes [DB, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077aa0000 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077aa0004 2 bytes [F3, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077aa0080 3 bytes JMP 70f1000a .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077aa0084 2 bytes JMP 70f1000a .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077aa00b0 3 bytes JMP 70d6000a .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077aa00b4 2 bytes JMP 70d6000a .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077aa03b4 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077aa03b8 2 bytes [C0, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077aa03cc 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077aa03d0 2 bytes [05, 71] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa054c 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077aa0550 2 bytes [08, 71] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077aa0690 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077aa0694 2 bytes [E4, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077aa06f0 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077aa06f4 2 bytes [FC, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077aa0798 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077aa079c 2 bytes [02, 71] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077aa07e0 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077aa07e4 2 bytes [F6, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077aa0870 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077aa0874 2 bytes [F9, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077aa0888 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077aa088c 2 bytes [CC, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077aa08a0 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077aa08a4 2 bytes [C3, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077aa0df0 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077aa0df4 2 bytes [E1, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077aa0ed4 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077aa0ed8 2 bytes [C9, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077aa1be0 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077aa1be4 2 bytes [DE, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077aa1cb0 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077aa1cb4 2 bytes [ED, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077aa1d88 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077aa1d8c 2 bytes [EA, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077ac3b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076013b93 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe[6012] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076013b97 2 bytes [9B, 71] .text C:\Windows\System32\WUDFHost.exe[6300] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Windows\System32\WUDFHost.exe[6300] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\System32\WUDFHost.exe[6300] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Windows\System32\WUDFHost.exe[6300] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text C:\Windows\System32\WUDFHost.exe[6300] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x13db70]} .text C:\Windows\System32\WUDFHost.exe[6300] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes {JMP QWORD [RIP+0x36a440]} .text C:\Windows\System32\WUDFHost.exe[6300] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text C:\Windows\System32\WUDFHost.exe[6300] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Windows\System32\WUDFHost.exe[6300] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text C:\Windows\System32\WUDFHost.exe[6300] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x554648]} .text C:\Windows\System32\WUDFHost.exe[6300] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes {JMP QWORD [RIP+0x383760]} .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a9f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077a9f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a9fb24 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077a9fb28 2 bytes [C0, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a9fcac 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077a9fcb0 2 bytes [E1, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a9fd60 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077a9fd64 2 bytes [CC, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a9fdc4 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077a9fdc8 2 bytes [D2, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077a9febc 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077a9fec0 2 bytes [C9, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077a9ff70 3 bytes JMP 70fa000a .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077a9ff74 2 bytes JMP 70fa000a .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a9ffa0 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077a9ffa4 2 bytes [D5, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077aa0000 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077aa0004 2 bytes [ED, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077aa0080 3 bytes JMP 70eb000a .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077aa0084 2 bytes JMP 70eb000a .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077aa00b0 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077aa00b4 2 bytes [CF, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077aa03b4 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077aa03b8 2 bytes [BA, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077aa03cc 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077aa03d0 2 bytes [FF, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa054c 3 bytes JMP 7103000a .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077aa0550 2 bytes JMP 7103000a .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077aa0690 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077aa0694 2 bytes [DE, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077aa06f0 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077aa06f4 2 bytes [F6, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077aa0798 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077aa079c 2 bytes [FC, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077aa07e0 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077aa07e4 2 bytes [F0, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077aa0870 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077aa0874 2 bytes [F3, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077aa0888 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077aa088c 2 bytes [C6, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077aa08a0 3 bytes JMP 70be000a .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077aa08a4 2 bytes JMP 70be000a .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077aa0df0 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077aa0df4 2 bytes [DB, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077aa0ed4 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077aa0ed8 2 bytes [C3, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077aa1be0 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077aa1be4 2 bytes [D8, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077aa1cb0 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077aa1cb4 2 bytes [E7, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077aa1d88 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077aa1d8c 2 bytes [E4, 70] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077ac3b9b 6 bytes {JMP QWORD [RIP+0x71a7001e]} .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076013b93 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe[6440] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076013b97 2 bytes [9B, 71] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a9f9dc 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077a9f9e0 2 bytes [AE, 71] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a9fb24 3 bytes JMP 70c1000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077a9fb28 2 bytes JMP 70c1000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a9fcac 3 bytes JMP 70e2000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077a9fcb0 2 bytes JMP 70e2000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a9fd60 3 bytes JMP 70cd000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077a9fd64 2 bytes JMP 70cd000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a9fdc4 3 bytes JMP 70d3000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077a9fdc8 2 bytes JMP 70d3000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077a9febc 3 bytes JMP 70ca000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077a9fec0 2 bytes JMP 70ca000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077a9ff70 3 bytes JMP 70fa000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077a9ff74 2 bytes JMP 70fa000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a9ffa0 3 bytes JMP 70d6000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077a9ffa4 2 bytes JMP 70d6000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077aa0000 3 bytes JMP 70ee000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077aa0004 2 bytes JMP 70ee000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077aa0080 3 bytes JMP 70eb000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077aa0084 2 bytes JMP 70eb000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077aa00b0 3 bytes JMP 70d0000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077aa00b4 2 bytes JMP 70d0000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077aa03b4 3 bytes JMP 70bb000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077aa03b8 2 bytes JMP 70bb000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077aa03cc 3 bytes JMP 7100000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077aa03d0 2 bytes JMP 7100000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa054c 3 bytes JMP 7103000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077aa0550 2 bytes JMP 7103000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077aa0690 3 bytes JMP 70df000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077aa0694 2 bytes JMP 70df000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077aa06f0 3 bytes JMP 70f7000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077aa06f4 2 bytes JMP 70f7000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077aa0798 3 bytes JMP 70fd000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077aa079c 2 bytes JMP 70fd000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077aa07e0 3 bytes JMP 70f1000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077aa07e4 2 bytes JMP 70f1000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077aa0870 3 bytes JMP 70f4000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077aa0874 2 bytes JMP 70f4000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077aa0888 3 bytes JMP 70c7000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077aa088c 2 bytes JMP 70c7000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077aa08a0 3 bytes JMP 70be000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077aa08a4 2 bytes JMP 70be000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077aa0df0 3 bytes JMP 70dc000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077aa0df4 2 bytes JMP 70dc000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077aa0ed4 3 bytes JMP 70c4000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077aa0ed8 2 bytes JMP 70c4000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077aa1be0 3 bytes JMP 70d9000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077aa1be4 2 bytes JMP 70d9000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077aa1cb0 3 bytes JMP 70e8000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077aa1cb4 2 bytes JMP 70e8000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077aa1d88 3 bytes JMP 70e5000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077aa1d8c 2 bytes JMP 70e5000a .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077ac3b9b 6 bytes {JMP QWORD [RIP+0x71a7001e]} .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076013b93 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[6596] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076013b97 2 bytes [9B, 71] .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x13db70]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes JMP 0 .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x554648]} .text C:\Windows\system32\DllHost.exe[6560] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes JMP 0 .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x13db70]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes JMP 0 .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x554648]} .text C:\Program Files\iPod\bin\iPodService.exe[3324] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes JMP 0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a9f9dc 3 bytes JMP 71af000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077a9f9e0 2 bytes JMP 71af000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a9fb24 3 bytes JMP 70cb000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077a9fb28 2 bytes JMP 70cb000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a9fcac 3 bytes JMP 70ec000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077a9fcb0 2 bytes JMP 70ec000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a9fd60 3 bytes JMP 70d7000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077a9fd64 2 bytes JMP 70d7000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a9fdc4 3 bytes JMP 70dd000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077a9fdc8 2 bytes JMP 70dd000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077a9febc 3 bytes JMP 70d4000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077a9fec0 2 bytes JMP 70d4000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077a9ff70 3 bytes JMP 7104000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077a9ff74 2 bytes JMP 7104000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a9ffa0 3 bytes JMP 70e0000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077a9ffa4 2 bytes JMP 70e0000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077aa0000 3 bytes JMP 70f8000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077aa0004 2 bytes JMP 70f8000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077aa0080 3 bytes JMP 70f5000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077aa0084 2 bytes JMP 70f5000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077aa00b0 3 bytes JMP 70da000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077aa00b4 2 bytes JMP 70da000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077aa03b4 3 bytes JMP 70c5000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077aa03b8 2 bytes JMP 70c5000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077aa03cc 3 bytes JMP 710a000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077aa03d0 2 bytes JMP 710a000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa054c 3 bytes JMP 710d000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077aa0550 2 bytes JMP 710d000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077aa0690 3 bytes JMP 70e9000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077aa0694 2 bytes JMP 70e9000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077aa06f0 3 bytes JMP 7101000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 5 0000000077aa06f5 1 byte [71] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077aa0798 3 bytes JMP 7107000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077aa079c 2 bytes JMP 7107000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077aa07e0 3 bytes JMP 70fb000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077aa07e4 2 bytes JMP 70fb000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077aa0870 3 bytes JMP 70fe000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077aa0874 2 bytes JMP 70fe000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077aa0888 3 bytes JMP 70d1000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077aa088c 2 bytes JMP 70d1000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077aa08a0 3 bytes JMP 70c8000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077aa08a4 2 bytes JMP 70c8000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077aa0df0 3 bytes JMP 70e6000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077aa0df4 2 bytes JMP 70e6000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077aa0ed4 3 bytes JMP 70ce000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077aa0ed8 2 bytes JMP 70ce000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077aa1be0 3 bytes JMP 70e3000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077aa1be4 2 bytes JMP 70e3000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077aa1cb0 3 bytes JMP 70f2000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077aa1cb4 2 bytes JMP 70f2000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077aa1d88 3 bytes JMP 70ef000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077aa1d8c 2 bytes JMP 70ef000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077ac3b9b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 0000000076013b93 3 bytes JMP 719c000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW + 4 0000000076013b97 2 bytes JMP 719c000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000761af784 6 bytes JMP 719f000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000761b2c9e 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075898332 6 bytes JMP 716c000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075898bff 6 bytes JMP 7160000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000758990d3 6 bytes JMP 7116000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075899679 6 bytes JMP 715a000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000758997d2 6 bytes JMP 7154000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007589ee09 6 bytes JMP 7172000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007589efc9 3 bytes JMP 711c000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007589efcd 2 bytes JMP 711c000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758a12a5 6 bytes JMP 7166000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000758a291f 6 bytes JMP 7134000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!SetParent 00000000758a2d64 3 bytes JMP 712b000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!SetParent + 4 00000000758a2d68 2 bytes JMP 712b000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000758a2da4 6 bytes JMP 7113000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000758a3698 3 bytes JMP 7128000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000758a369c 2 bytes JMP 7128000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758a3baa 6 bytes JMP 7169000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 00000000758a3c61 6 bytes JMP 7163000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000758a6110 6 bytes JMP 716f000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000758a612e 6 bytes JMP 715d000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000758a6c30 6 bytes JMP 7119000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758a7603 6 bytes JMP 7175000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000758a7668 6 bytes JMP 7143000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000758a76e0 6 bytes JMP 714e000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000758a781f 6 bytes JMP 7157000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758a835c 6 bytes JMP 7178000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000758ac4b6 3 bytes JMP 7125000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 00000000758ac4ba 2 bytes JMP 7125000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 00000000758bc112 6 bytes JMP 7140000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 00000000758bd0f5 6 bytes JMP 713d000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000758beb96 6 bytes JMP 7131000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000758bec68 3 bytes JMP 7137000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000758bec6c 2 bytes JMP 7137000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!SendInput 00000000758bff4a 3 bytes JMP 713a000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000758bff4e 2 bytes JMP 713a000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000758d9f1d 6 bytes JMP 711f000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000758e1497 6 bytes JMP 7110000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758f027b 6 bytes JMP 717b000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758f02bf 6 bytes JMP 717e000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000758f6cfc 6 bytes JMP 7151000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000758f6d5d 6 bytes JMP 7146000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!BlockInput 00000000758f7dd7 3 bytes JMP 7122000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000758f7ddb 2 bytes JMP 7122000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000758f88eb 3 bytes JMP 712e000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000758f88ef 2 bytes JMP 712e000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075f758b3 6 bytes JMP 7190000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075f75ea6 6 bytes JMP 718a000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075f77bcc 6 bytes JMP 7199000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075f7b895 6 bytes JMP 7181000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075f7c332 6 bytes JMP 7187000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075f7cbfb 6 bytes JMP 7193000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075f7e743 6 bytes JMP 7196000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075fa4857 6 bytes JMP 7184000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 000000007543124e 6 bytes JMP 718d000a .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076901401 2 bytes JMP 7602b1ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076901419 2 bytes JMP 7602b31a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076901431 2 bytes JMP 760a8f09 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007690144a 2 bytes CALL 76004885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769014dd 2 bytes JMP 760a8802 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769014f5 2 bytes JMP 760a89d8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007690150d 2 bytes JMP 760a86f8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076901525 2 bytes JMP 760a8ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007690153d 2 bytes JMP 7601fc78 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076901555 2 bytes JMP 760268bf C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007690156d 2 bytes JMP 760a8fc1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076901585 2 bytes JMP 760a8b22 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007690159d 2 bytes JMP 760a86bc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769015b5 2 bytes JMP 7601fd11 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769015cd 2 bytes JMP 7602b2b0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769016b2 2 bytes JMP 760a8e84 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769016bd 2 bytes JMP 760a8651 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a9f9dc 3 bytes JMP 71af000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077a9f9e0 2 bytes JMP 71af000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a9fb24 3 bytes JMP 70d0000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077a9fb28 2 bytes JMP 70d0000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a9fcac 3 bytes JMP 70f1000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077a9fcb0 2 bytes JMP 70f1000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a9fd60 3 bytes JMP 70dc000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077a9fd64 2 bytes JMP 70dc000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a9fdc4 3 bytes JMP 70e2000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077a9fdc8 2 bytes JMP 70e2000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077a9febc 3 bytes JMP 70d9000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077a9fec0 2 bytes JMP 70d9000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077a9ff70 3 bytes JMP 7109000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077a9ff74 2 bytes JMP 7109000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a9ffa0 3 bytes JMP 70e5000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077a9ffa4 2 bytes JMP 70e5000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077aa0000 3 bytes JMP 70fd000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077aa0004 2 bytes JMP 70fd000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077aa0080 3 bytes JMP 70fa000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077aa0084 2 bytes JMP 70fa000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077aa00b0 3 bytes JMP 70df000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077aa00b4 2 bytes JMP 70df000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077aa03b4 3 bytes JMP 70ca000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077aa03b8 2 bytes JMP 70ca000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077aa03cc 3 bytes JMP 710f000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077aa03d0 2 bytes JMP 710f000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa054c 3 bytes JMP 7112000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077aa0550 2 bytes JMP 7112000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077aa0690 3 bytes JMP 70ee000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077aa0694 2 bytes JMP 70ee000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077aa06f0 3 bytes JMP 7106000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077aa06f4 2 bytes JMP 7106000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077aa0798 3 bytes JMP 710c000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077aa079c 2 bytes JMP 710c000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077aa07e0 3 bytes JMP 7100000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077aa07e4 2 bytes JMP 7100000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077aa0870 3 bytes JMP 7103000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077aa0874 2 bytes JMP 7103000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077aa0888 3 bytes JMP 70d6000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077aa088c 2 bytes JMP 70d6000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077aa08a0 3 bytes JMP 70cd000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077aa08a4 2 bytes JMP 70cd000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077aa0df0 3 bytes JMP 70eb000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077aa0df4 2 bytes JMP 70eb000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077aa0ed4 3 bytes JMP 70d3000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077aa0ed8 2 bytes JMP 70d3000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077aa1be0 3 bytes JMP 70e8000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077aa1be4 2 bytes JMP 70e8000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077aa1cb0 3 bytes JMP 70f7000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077aa1cb4 2 bytes JMP 70f7000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077aa1d88 3 bytes JMP 70f4000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077aa1d8c 2 bytes JMP 70f4000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077ac3b9b 6 bytes JMP 71a8000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076013b93 3 bytes JMP 719c000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076013b97 2 bytes JMP 719c000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000761af784 6 bytes JMP 719f000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000761b2c9e 4 bytes CALL 71ac0000 .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075898332 6 bytes JMP 716c000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075898bff 6 bytes JMP 7160000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000758990d3 6 bytes JMP 711b000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075899679 6 bytes JMP 715a000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000758997d2 6 bytes JMP 7154000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007589ee09 6 bytes JMP 7172000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007589efc9 3 bytes JMP 7121000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007589efcd 2 bytes JMP 7121000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758a12a5 6 bytes JMP 7166000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000758a291f 6 bytes JMP 7139000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!SetParent 00000000758a2d64 3 bytes JMP 7130000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!SetParent + 4 00000000758a2d68 2 bytes JMP 7130000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000758a2da4 6 bytes JMP 7118000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000758a3698 3 bytes JMP 712d000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000758a369c 2 bytes JMP 712d000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758a3baa 6 bytes JMP 7169000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 00000000758a3c61 6 bytes JMP 7163000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000758a6110 6 bytes JMP 716f000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000758a612e 6 bytes JMP 715d000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000758a6c30 6 bytes JMP 711e000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758a7603 6 bytes JMP 7175000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000758a7668 6 bytes JMP 7148000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000758a76e0 6 bytes JMP 714e000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000758a781f 6 bytes JMP 7157000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758a835c 6 bytes JMP 7178000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000758ac4b6 3 bytes JMP 712a000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 00000000758ac4ba 2 bytes JMP 712a000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 00000000758bc112 6 bytes JMP 7145000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 00000000758bd0f5 6 bytes JMP 7142000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000758beb96 6 bytes JMP 7136000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000758bec68 3 bytes JMP 713c000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000758bec6c 2 bytes JMP 713c000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!SendInput 00000000758bff4a 3 bytes JMP 713f000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000758bff4e 2 bytes JMP 713f000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000758d9f1d 6 bytes JMP 7124000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000758e1497 6 bytes JMP 7115000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758f027b 6 bytes JMP 717b000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758f02bf 6 bytes JMP 717e000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000758f6cfc 6 bytes JMP 7151000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000758f6d5d 6 bytes JMP 714b000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!BlockInput 00000000758f7dd7 3 bytes JMP 7127000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000758f7ddb 2 bytes JMP 7127000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000758f88eb 3 bytes JMP 7133000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000758f88ef 2 bytes JMP 7133000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075f758b3 6 bytes JMP 7190000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075f75ea6 6 bytes JMP 718a000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075f77bcc 6 bytes JMP 7199000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075f7b895 6 bytes JMP 7181000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075f7c332 6 bytes JMP 7187000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075f7cbfb 6 bytes JMP 7193000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075f7e743 6 bytes JMP 7196000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075fa4857 6 bytes JMP 7184000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 000000007543124e 6 bytes JMP 718d000a .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076901401 2 bytes JMP 7602b1ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076901419 2 bytes JMP 7602b31a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076901431 2 bytes JMP 760a8f09 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007690144a 2 bytes CALL 76004885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769014dd 2 bytes JMP 760a8802 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769014f5 2 bytes JMP 760a89d8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007690150d 2 bytes JMP 760a86f8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076901525 2 bytes JMP 760a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007690153d 2 bytes JMP 7601fc78 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076901555 2 bytes JMP 760268bf C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007690156d 2 bytes JMP 760a8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076901585 2 bytes JMP 760a8b22 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007690159d 2 bytes JMP 760a86bc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769015b5 2 bytes JMP 7601fd11 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769015cd 2 bytes JMP 7602b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769016b2 2 bytes JMP 760a8e84 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\cmd.exe[5640] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769016bd 2 bytes JMP 760a8651 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\conhost.exe[6604] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes [FF, 25, 00, B4, 0A] .text C:\Windows\system32\conhost.exe[6604] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Windows\system32\conhost.exe[6604] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes {JMP QWORD [RIP+0x11dd64]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes {JMP QWORD [RIP+0x13db70]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes {JMP QWORD [RIP+0x36a440]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes {JMP QWORD [RIP+0xd7ca8]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes {JMP QWORD [RIP+0xf6cfc]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x554648]} .text C:\Windows\system32\conhost.exe[6604] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes {JMP QWORD [RIP+0x383760]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000778c3210 6 bytes {JMP QWORD [RIP+0x877ce20]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778edcc0 6 bytes {JMP QWORD [RIP+0x8732370]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000778edd90 6 bytes {JMP QWORD [RIP+0x8ed22a0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778ede90 6 bytes {JMP QWORD [RIP+0x8d721a0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778edf00 6 bytes {JMP QWORD [RIP+0x8e52130]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000778edf40 6 bytes {JMP QWORD [RIP+0x8e120f0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000778edfe0 6 bytes {JMP QWORD [RIP+0x8e72050]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000778ee050 6 bytes {JMP QWORD [RIP+0x8c71fe0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000778ee070 6 bytes {JMP QWORD [RIP+0x8df1fc0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000778ee0b0 6 bytes {JMP QWORD [RIP+0x8cf1f80]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000778ee100 6 bytes {JMP QWORD [RIP+0x8d11f30]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000778ee120 6 bytes {JMP QWORD [RIP+0x8e31f10]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000778ee310 6 bytes {JMP QWORD [RIP+0x8f11d20]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000778ee320 6 bytes {JMP QWORD [RIP+0x8c31d10]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000778ee420 6 bytes {JMP QWORD [RIP+0x8c11c10]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000778ee4f0 6 bytes {JMP QWORD [RIP+0x8d91b40]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000778ee530 6 bytes {JMP QWORD [RIP+0x8c91b00]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000778ee5a0 6 bytes {JMP QWORD [RIP+0x8c51a90]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000778ee5d0 6 bytes {JMP QWORD [RIP+0x8cd1a60]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000778ee630 6 bytes {JMP QWORD [RIP+0x8cb1a00]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000778ee640 6 bytes {JMP QWORD [RIP+0x8e919f0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778ee650 6 bytes {JMP QWORD [RIP+0x8ef19e0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778ee9c0 6 bytes {JMP QWORD [RIP+0x8db1670]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000778eea50 6 bytes {JMP QWORD [RIP+0x8eb15e0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778ef2c0 6 bytes {JMP QWORD [RIP+0x8dd0d70]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000778ef340 6 bytes {JMP QWORD [RIP+0x8d30cf0]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000778ef3c0 6 bytes {JMP QWORD [RIP+0x8d50c70]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007779dbc0 6 bytes {JMP QWORD [RIP+0x88c2470]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd814c30 5 bytes JMP 0 .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd81a6f5 3 bytes [15, 59, 05] .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\system32\GDI32.dll!DeleteDC 000007feff3822cc 6 bytes JMP 360037 .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\system32\GDI32.dll!BitBlt 000007feff3824c0 6 bytes JMP 0 .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\system32\GDI32.dll!MaskBlt 000007feff385bf0 6 bytes JMP 0 .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\system32\GDI32.dll!CreateDCW 000007feff388388 6 bytes JMP 0 .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\system32\GDI32.dll!CreateDCA 000007feff3889c8 6 bytes {JMP QWORD [RIP+0x87668]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\system32\GDI32.dll!GetPixel 000007feff389334 6 bytes JMP 0 .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\system32\GDI32.dll!StretchBlt 000007feff38b9e8 6 bytes {JMP QWORD [RIP+0x194648]} .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\system32\GDI32.dll!PlgBlt 000007feff38c8d0 6 bytes JMP 0 .text C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe[4912] C:\Windows\system32\SSPICLI.DLL!EncryptMessage 000007fefd4650a0 6 bytes {JMP QWORD [RIP+0x4af90]} .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a9f9dc 3 bytes JMP 71af000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077a9f9e0 2 bytes JMP 71af000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a9fb24 3 bytes JMP 70d0000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077a9fb28 2 bytes JMP 70d0000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a9fcac 3 bytes JMP 70f1000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077a9fcb0 2 bytes JMP 70f1000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a9fd60 3 bytes JMP 70dc000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077a9fd64 2 bytes JMP 70dc000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a9fdc4 3 bytes JMP 70e2000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077a9fdc8 2 bytes JMP 70e2000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077a9febc 3 bytes JMP 70d9000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077a9fec0 2 bytes JMP 70d9000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077a9ff70 3 bytes JMP 7109000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077a9ff74 2 bytes JMP 7109000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a9ffa0 3 bytes JMP 70e5000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077a9ffa4 2 bytes JMP 70e5000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077aa0000 3 bytes JMP 70fd000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077aa0004 2 bytes JMP 70fd000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077aa0080 3 bytes JMP 70fa000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077aa0084 2 bytes JMP 70fa000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077aa00b0 3 bytes JMP 70df000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077aa00b4 2 bytes JMP 70df000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077aa03b4 3 bytes JMP 70ca000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077aa03b8 2 bytes JMP 70ca000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077aa03cc 3 bytes JMP 710f000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077aa03d0 2 bytes JMP 710f000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077aa054c 3 bytes JMP 7112000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077aa0550 2 bytes JMP 7112000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077aa0690 3 bytes JMP 70ee000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077aa0694 2 bytes JMP 70ee000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077aa06f0 3 bytes JMP 7106000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077aa06f4 2 bytes JMP 7106000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077aa0798 3 bytes JMP 710c000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077aa079c 2 bytes JMP 710c000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077aa07e0 3 bytes JMP 7100000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077aa07e4 2 bytes JMP 7100000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077aa0870 3 bytes JMP 7103000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077aa0874 2 bytes JMP 7103000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077aa0888 3 bytes JMP 70d6000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077aa088c 2 bytes JMP 70d6000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077aa08a0 3 bytes JMP 70cd000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077aa08a4 2 bytes JMP 70cd000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077aa0df0 3 bytes JMP 70eb000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077aa0df4 2 bytes JMP 70eb000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077aa0ed4 3 bytes JMP 70d3000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077aa0ed8 2 bytes JMP 70d3000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077aa1be0 3 bytes JMP 70e8000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077aa1be4 2 bytes JMP 70e8000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077aa1cb0 3 bytes JMP 70f7000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077aa1cb4 2 bytes JMP 70f7000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077aa1d88 3 bytes JMP 70f4000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077aa1d8c 2 bytes JMP 70f4000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077ac3b9b 6 bytes JMP 71a8000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076013b93 3 bytes JMP 719c000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000076013b97 2 bytes JMP 719c000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 00000000761af784 6 bytes JMP 719f000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000761b2c9e 4 bytes CALL 71ac0000 .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075898332 6 bytes JMP 716c000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075898bff 6 bytes JMP 7160000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000758990d3 6 bytes JMP 711b000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075899679 6 bytes JMP 715a000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000758997d2 6 bytes JMP 7154000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007589ee09 6 bytes JMP 7172000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007589efc9 3 bytes JMP 7121000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007589efcd 2 bytes JMP 7121000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000758a12a5 6 bytes JMP 7166000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!GetKeyState 00000000758a291f 6 bytes JMP 7139000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!SetParent 00000000758a2d64 3 bytes JMP 7130000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!SetParent + 4 00000000758a2d68 2 bytes JMP 7130000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!EnableWindow 00000000758a2da4 6 bytes JMP 7118000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!MoveWindow 00000000758a3698 3 bytes JMP 712d000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 00000000758a369c 2 bytes JMP 712d000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000758a3baa 6 bytes JMP 7169000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 00000000758a3c61 6 bytes JMP 7163000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!SetWindowLongA 00000000758a6110 6 bytes JMP 716f000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000758a612e 6 bytes JMP 715d000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 00000000758a6c30 6 bytes JMP 711e000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000758a7603 6 bytes JMP 7175000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 00000000758a7668 6 bytes JMP 7148000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000758a76e0 6 bytes JMP 714e000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 00000000758a781f 6 bytes JMP 7157000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000758a835c 6 bytes JMP 7178000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000758ac4b6 3 bytes JMP 712a000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 00000000758ac4ba 2 bytes JMP 712a000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 00000000758bc112 6 bytes JMP 7145000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 00000000758bd0f5 6 bytes JMP 7142000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000758beb96 6 bytes JMP 7136000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!GetKeyboardState 00000000758bec68 3 bytes JMP 713c000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 00000000758bec6c 2 bytes JMP 713c000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!SendInput 00000000758bff4a 3 bytes JMP 713f000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000758bff4e 2 bytes JMP 713f000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000758d9f1d 6 bytes JMP 7124000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000758e1497 6 bytes JMP 7115000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!mouse_event 00000000758f027b 6 bytes JMP 717b000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!keybd_event 00000000758f02bf 6 bytes JMP 717e000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000758f6cfc 6 bytes JMP 7151000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000758f6d5d 6 bytes JMP 714b000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!BlockInput 00000000758f7dd7 3 bytes JMP 7127000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000758f7ddb 2 bytes JMP 7127000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000758f88eb 3 bytes JMP 7133000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000758f88ef 2 bytes JMP 7133000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075f758b3 6 bytes JMP 7190000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075f75ea6 6 bytes JMP 718a000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075f77bcc 6 bytes JMP 7199000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000075f7b895 6 bytes JMP 7181000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000075f7c332 6 bytes JMP 7187000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000075f7cbfb 6 bytes JMP 7193000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075f7e743 6 bytes JMP 7196000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075fa4857 6 bytes JMP 7184000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 000000007543124e 6 bytes JMP 718d000a .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076901401 2 bytes JMP 7602b1ef C:\Windows\syswow64\kernel32.dll .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076901419 2 bytes JMP 7602b31a C:\Windows\syswow64\kernel32.dll .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076901431 2 bytes JMP 760a8f09 C:\Windows\syswow64\kernel32.dll .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007690144a 2 bytes CALL 76004885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769014dd 2 bytes JMP 760a8802 C:\Windows\syswow64\kernel32.dll .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769014f5 2 bytes JMP 760a89d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007690150d 2 bytes JMP 760a86f8 C:\Windows\syswow64\kernel32.dll .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076901525 2 bytes JMP 760a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007690153d 2 bytes JMP 7601fc78 C:\Windows\syswow64\kernel32.dll .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076901555 2 bytes JMP 760268bf C:\Windows\syswow64\kernel32.dll .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007690156d 2 bytes JMP 760a8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076901585 2 bytes JMP 760a8b22 C:\Windows\syswow64\kernel32.dll .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007690159d 2 bytes JMP 760a86bc C:\Windows\syswow64\kernel32.dll .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769015b5 2 bytes JMP 7601fd11 C:\Windows\syswow64\kernel32.dll .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769015cd 2 bytes JMP 7602b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769016b2 2 bytes JMP 760a8e84 C:\Windows\syswow64\kernel32.dll .text C:\Users\GuiDesign\Desktop\gmer\gmer.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769016bd 2 bytes JMP 760a8651 C:\Windows\syswow64\kernel32.dll ---- Processes - GMER 2.1 ---- Library \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll (*** suspicious ***) @ C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1012] (FILE NOT FOUND) 000007fefb3e0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\cmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\cmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\cmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\Software\COMODO\Cam@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... ---- EOF - GMER 2.1 ----