GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-02-21 18:28:58 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\0000007e ATA_____ rev.6B0Q 111,79GB Running: vyuxgmic.exe; Driver: C:\Users\patryk\AppData\Local\Temp\kfxdipog.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a8d460 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a8d660 8 bytes JMP 000000016fff0110 .text C:\Windows\system32\csrss.exe[512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 8 bytes JMP 000000016fff0148 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a8d460 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a8d660 8 bytes JMP 000000016fff0110 .text C:\Windows\system32\csrss.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 8 bytes JMP 000000016fff0148 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Windows\system32\services.exe[656] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Windows\system32\services.exe[656] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007feff483d60 6 bytes JMP 200073 .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000077946ef0 6 bytes {JMP QWORD [RIP+0x8af9140]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!SystemParametersInfoA 0000000077948184 6 bytes {JMP QWORD [RIP+0x8bd7eac]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!SetParent 0000000077948530 6 bytes {JMP QWORD [RIP+0x8b17b00]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077949bcc 6 bytes {JMP QWORD [RIP+0x8876464]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!PostMessageA 000000007794a404 6 bytes {JMP QWORD [RIP+0x88b5c2c]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!EnableWindow 000000007794aaa0 6 bytes {JMP QWORD [RIP+0x8c15590]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!MoveWindow 000000007794aad0 6 bytes {JMP QWORD [RIP+0x8b35560]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!GetAsyncKeyState 000000007794c720 6 bytes {JMP QWORD [RIP+0x8ad3910]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!RegisterHotKey 000000007794cd50 6 bytes {JMP QWORD [RIP+0x8bb32e0]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007794d2b0 6 bytes {JMP QWORD [RIP+0x88f2d80]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!SendMessageA 000000007794d338 6 bytes {JMP QWORD [RIP+0x8932cf8]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007794dc40 6 bytes {JMP QWORD [RIP+0x8a123f0]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!SystemParametersInfoW 000000007794f510 6 bytes {JMP QWORD [RIP+0x8bf0b20]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007794f874 4 bytes [FF, 25, BC, 07] .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 5 000000007794f879 1 byte [08] .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007794fac0 6 bytes {JMP QWORD [RIP+0x8990570]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000077950b74 6 bytes {JMP QWORD [RIP+0x890f4bc]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!SetWindowLongW 00000000779533b0 6 bytes {JMP QWORD [RIP+0x888cc80]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!SetWinEventHook + 1 0000000077954d4d 5 bytes {JMP QWORD [RIP+0x884b2e4]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!GetKeyState 0000000077955010 6 bytes {JMP QWORD [RIP+0x8aab020]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!SendMessageCallbackW 0000000077955438 6 bytes {JMP QWORD [RIP+0x89cabf8]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!SendMessageW 0000000077956b50 6 bytes {JMP QWORD [RIP+0x89494e0]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!PostMessageW 00000000779576e4 6 bytes {JMP QWORD [RIP+0x88c894c]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 000000007795dd90 6 bytes {JMP QWORD [RIP+0x8a422a0]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!GetClipboardData 000000007795e874 6 bytes {JMP QWORD [RIP+0x8b817bc]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!SetClipboardViewer 000000007795f780 6 bytes {JMP QWORD [RIP+0x8b408b0]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000779628e4 6 bytes {JMP QWORD [RIP+0x89dd74c]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!mouse_event 0000000077963894 6 bytes {JMP QWORD [RIP+0x87dc79c]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!GetKeyboardState 0000000077968a10 6 bytes {JMP QWORD [RIP+0x8a77620]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077968be0 6 bytes {JMP QWORD [RIP+0x8957450]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077968c20 6 bytes {JMP QWORD [RIP+0x87f7410]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!SendInput 0000000077968cd0 6 bytes {JMP QWORD [RIP+0x8a57360]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!BlockInput 000000007796ad60 6 bytes {JMP QWORD [RIP+0x8b552d0]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!ExitWindowsEx 00000000779914e0 6 bytes {JMP QWORD [RIP+0x8beeb50]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!keybd_event 00000000779b45a4 6 bytes {JMP QWORD [RIP+0x876ba8c]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 00000000779bcc08 6 bytes {JMP QWORD [RIP+0x89c3428]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\USER32.dll!SendMessageCallbackA 00000000779bdf18 6 bytes {JMP QWORD [RIP+0x8942118]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes JMP 0 .text C:\Windows\system32\services.exe[656] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes JMP 101 .text C:\Windows\system32\services.exe[656] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes JMP 0 .text C:\Windows\system32\services.exe[656] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes JMP 0 .text C:\Windows\system32\services.exe[656] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\system32\services.exe[656] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes JMP 0 .text C:\Windows\system32\services.exe[656] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes JMP 6414765d .text C:\Windows\system32\services.exe[656] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes JMP 38002d .text C:\Windows\system32\services.exe[656] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Windows\system32\lsass.exe[680] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Windows\system32\lsass.exe[680] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes JMP 0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x12db70]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\system32\lsass.exe[680] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes JMP 0 .text C:\Windows\system32\lsass.exe[680] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes JMP fd361410 .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Windows\system32\lsm.exe[688] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Windows\system32\lsm.exe[688] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes JMP 0 .text C:\Windows\system32\lsm.exe[688] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x12db70]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\system32\lsm.exe[688] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes JMP 0 .text C:\Windows\system32\lsm.exe[688] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Windows\system32\svchost.exe[844] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Windows\system32\svchost.exe[844] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007feff483d60 6 bytes {JMP QWORD [RIP+0x10c2d0]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes JMP 1000100 .text C:\Windows\system32\svchost.exe[844] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes JMP 9b3 .text C:\Windows\system32\svchost.exe[844] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x163740]} .text C:\Windows\system32\svchost.exe[844] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes JMP 0 .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x12db70]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x163740]} .text C:\Windows\system32\nvvsvc.exe[908] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70c1000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70c1000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70e2000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70e2000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70cd000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70cd000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70d3000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70d3000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70ca000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70ca000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70fa000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70fa000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70d6000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70d6000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70ee000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70ee000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70eb000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70eb000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70d0000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70d0000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70bb000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70bb000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 7100000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 7100000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 7103000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 7103000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70df000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70df000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70f7000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70f7000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70fd000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70fd000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70f1000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70f1000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70f4000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70f4000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70c7000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70c7000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70be000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70be000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70dc000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70dc000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70c4000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70c4000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70d9000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70d9000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70e8000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70e8000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70e5000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70e5000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7187000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 717e000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 718a000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 7184000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 7181000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 717b000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 7172000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 7178000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 7175000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 715d000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 7151000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 710c000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 714b000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 7145000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 7163000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 7112000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 7112000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 7157000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 712a000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 7121000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 7121000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 7109000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 711e000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 711e000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 715a000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 7154000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 7160000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 714e000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 710f000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 7166000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 7139000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 713f000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 7148000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 7169000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 711b000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 711b000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 7136000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 7133000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 7127000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 712d000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 712d000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 7130000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 7130000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 7115000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 7106000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 716c000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 716f000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 7142000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 713c000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 7118000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 7118000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 7124000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 7124000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[932] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL 211b00 .text C:\Windows\system32\svchost.exe[976] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 30000 .text C:\Windows\system32\svchost.exe[976] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007feff483d60 6 bytes {JMP QWORD [RIP+0x10c2d0]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x12db70]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x163740]} .text C:\Windows\system32\svchost.exe[976] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes JMP 40040100 .text C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes JMP 335bfa7f .text C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes JMP 2d726572 .text C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes JMP 49c502fe .text C:\Windows\system32\svchost.exe[396] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[396] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Windows\system32\svchost.exe[396] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Windows\system32\svchost.exe[396] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes JMP 1000100 .text C:\Windows\system32\svchost.exe[396] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[396] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes JMP 9b3 .text C:\Windows\system32\svchost.exe[396] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x163740]} .text C:\Windows\system32\svchost.exe[396] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL 211b00 .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 30000 .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x12db70]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x163740]} .text C:\Windows\System32\svchost.exe[744] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL 211b00 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 30000 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x12db70]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x163740]} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL 211b00 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 30000 .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x12db70]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x163740]} .text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes JMP 48 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes JMP 6ff .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes JMP 8cb03e0 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007feff483d60 6 bytes JMP fcaf3c7c .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes JMP 7b917c7c .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\SHELL32.dll!SHFileOperationW 00000000023a9050 5 bytes [FF, 25, E0, 6F, DA] .text C:\Windows\system32\svchost.exe[1116] C:\Windows\system32\SHELL32.dll!SHFileOperation 00000000025c2fc0 6 bytes {JMP QWORD [RIP+0xb5d070]} .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL 211b00 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 30000 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x12db70]} .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x163740]} .text C:\Windows\system32\svchost.exe[1244] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe[1460] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe[1460] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe[1460] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe[1460] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe[1460] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe[1460] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe[1460] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe[1460] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe[1460] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe[1460] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes JMP 6c0069 .text C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe[1460] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe[1460] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe[1460] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe[1460] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe[1460] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes JMP 2bc5 .text C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe[1460] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes JMP 452 .text C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe[1460] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes JMP 0 .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x12db70]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes JMP 0 .text C:\Windows\system32\WLANExt.exe[1576] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Windows\system32\conhost.exe[1584] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\system32\conhost.exe[1584] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\system32\conhost.exe[1584] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\system32\conhost.exe[1584] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\system32\conhost.exe[1584] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\system32\conhost.exe[1584] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\system32\conhost.exe[1584] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Windows\system32\conhost.exe[1584] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Windows\system32\conhost.exe[1584] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Windows\system32\conhost.exe[1584] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x12db70]} .text C:\Windows\system32\conhost.exe[1584] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\system32\conhost.exe[1584] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\system32\conhost.exe[1584] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\system32\conhost.exe[1584] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Windows\system32\conhost.exe[1584] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\system32\conhost.exe[1584] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x163740]} .text C:\Windows\system32\conhost.exe[1584] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes JMP 0 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes JMP 0 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes JMP 0 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0x117c98]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xf7674]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0x136d10]} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes JMP 0 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes JMP 0 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x2c8bc0]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL 211b00 .text C:\Windows\system32\svchost.exe[1704] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 30000 .text C:\Windows\system32\svchost.exe[1704] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007feff483d60 6 bytes {JMP QWORD [RIP+0x10c2d0]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x12db70]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1704] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x163740]} .text C:\Windows\system32\svchost.exe[1704] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70dc000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70dc000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70c7000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70c7000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70cd000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70c4000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70c4000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70f4000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70f4000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70d0000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70d0000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70e5000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70e5000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70ca000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70ca000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70b5000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70b5000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 70fa000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 70fa000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 70fd000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 70fd000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70d9000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70d9000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70f1000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70f1000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70f7000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70f7000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70eb000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70eb000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70ee000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70ee000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70c1000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70c1000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70b8000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70b8000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70d6000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70d6000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70be000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70be000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70d3000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70d3000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70e2000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70e2000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70df000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70df000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7187000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 717e000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 718a000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 7184000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 7181000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 7157000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 7145000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 7118000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 715a000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 7160000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 7133000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 7130000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 7100000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 716f000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c496c0 6 bytes JMP 7178000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e4c431 6 bytes JMP 717b000a .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7187000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 717e000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 7184000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 7181000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 7157000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 7145000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 715a000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 7160000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 7133000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 7130000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 7100000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 716f000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c496c0 6 bytes JMP 7178000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e4c431 6 bytes JMP 717b000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70c1000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70c1000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70e2000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70e2000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70cd000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70cd000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70d3000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70d3000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70ca000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70ca000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70fa000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70fa000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70d6000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70d6000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70ee000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70ee000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70eb000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70eb000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70d0000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70d0000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70bb000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70bb000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 7100000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 7100000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 7103000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 7103000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70df000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70df000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70f7000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70f7000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70fd000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70fd000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70f1000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70f1000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70f4000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70f4000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70c7000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70c7000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70be000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70be000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70dc000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70dc000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70c4000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70c4000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70d9000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70d9000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70e8000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70e8000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70e5000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70e5000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7187000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 717e000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 718a000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 7184000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 7181000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 715d000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 7151000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 710c000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 714b000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 7145000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 7163000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 7112000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 7112000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 7157000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 712a000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 7121000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 7121000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 7109000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 711e000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 711e000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 715a000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 7154000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 7160000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 714e000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 710f000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 7166000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 7139000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 713f000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 7148000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 7169000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 711b000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 711b000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 7136000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 7133000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 7127000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 712d000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 712d000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 7130000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 7130000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 7115000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 7106000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 716c000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 716f000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 7142000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 713c000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 7118000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 7118000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 7124000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 7124000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 718d000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 717b000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 7172000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 7178000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 7175000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\agent\pbeagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70c1000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70c1000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70e2000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70e2000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70cd000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70cd000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70d3000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70d3000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70ca000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70ca000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70fa000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70fa000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70d6000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70d6000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70ee000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70ee000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70eb000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70eb000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70d0000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70d0000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70bb000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70bb000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 7100000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 7100000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 7103000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 7103000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70df000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70df000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70f7000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70f7000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70fd000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70fd000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70f1000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70f1000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70f4000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70f4000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70c7000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70c7000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70be000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70be000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70dc000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70dc000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70c4000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70c4000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70d9000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70d9000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70e8000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70e8000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70e5000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70e5000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7187000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 717e000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 718a000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 7184000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 7181000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 715d000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 7151000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 710c000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 714b000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 7145000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 7163000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 7112000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 7112000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 7157000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 712a000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 7121000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 7121000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 7109000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 711e000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 711e000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 715a000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 7154000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 7160000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 714e000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 710f000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 7166000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 7139000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 713f000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 7148000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 7169000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 711b000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 711b000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 7136000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 7133000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 7127000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 712d000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 712d000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 7130000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 7130000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 7115000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 7106000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 716c000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 716f000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 7142000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 713c000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 7118000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 7118000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 7124000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 7124000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 718d000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 717b000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 7172000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 7178000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 7175000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\kernel32.dll .text C:\PROGRA~2\APC\POWERC~1\server\PBESER~1.EXE[1876] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70c1000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70c1000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70e2000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70e2000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70cd000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70cd000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70d3000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70d3000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70ca000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70ca000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70fa000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70fa000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70d6000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70d6000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70ee000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70ee000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70eb000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70eb000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70d0000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70d0000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70bb000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70bb000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 7100000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 7100000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 7103000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 7103000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70df000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70df000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70f7000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70f7000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70fd000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70fd000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70f1000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70f1000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70f4000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70f4000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70c7000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70c7000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70be000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70be000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70dc000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70dc000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70c4000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70c4000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70d9000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70d9000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70e8000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70e8000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70e5000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70e5000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7187000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 717e000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 718a000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 7184000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 7181000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 715d000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 7151000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 710c000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 714b000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 7145000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 7163000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 7112000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 7112000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 7157000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 712a000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 7121000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 7121000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 7109000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 711e000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 711e000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 715a000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 7154000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 7160000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 714e000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 710f000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 7166000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 7139000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 713f000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 7148000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 7169000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 711b000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 711b000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 7136000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 7133000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 7127000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 712d000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 712d000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 7130000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 7130000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 7115000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 7106000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 716c000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 716f000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 7142000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 713c000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 7118000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 7118000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 7124000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 7124000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 717b000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 7172000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 7178000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 7175000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70dc000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70dc000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70c7000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70c7000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70cd000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70c4000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70c4000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70f4000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70f4000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70d0000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70d0000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70e5000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70e5000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70ca000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70ca000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70b5000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70b5000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 70fa000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 70fa000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 70fd000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 70fd000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70d9000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70d9000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70f1000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70f1000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70f7000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70f7000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70eb000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70eb000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70ee000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70ee000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70c1000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70c1000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70b8000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70b8000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70d6000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70d6000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70be000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70be000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70d3000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70d3000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70e2000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70e2000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70df000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70df000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000077248791 5 bytes JMP 0000000174e61170 .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7187000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 717e000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 718a000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 7184000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 7181000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 7157000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 7145000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 7118000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 715a000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 7160000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 7133000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 7130000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 7100000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 716f000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c496c0 6 bytes JMP 7178000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e4c431 6 bytes JMP 717b000a .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[1920] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text C:\Windows\System32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Windows\System32\svchost.exe[1284] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Windows\System32\svchost.exe[1284] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes JMP 1000100 .text C:\Windows\System32\svchost.exe[1284] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes JMP 9b3 .text C:\Windows\System32\svchost.exe[1284] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x163740]} .text C:\Windows\System32\svchost.exe[1284] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes JMP 0 .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x15dd64]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x17db70]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x19a440]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0x117c98]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xf7674]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0x136d10]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x1d4648]} .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes JMP 0 .text C:\Program Files\EslWire\service\WireHelperSvc.exe[1740] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x2c8bc0]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL 211b00 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 30000 .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x12db70]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x163740]} .text C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2072] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL 211b00 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 30000 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0xf1dd64]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0xf7db70]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0xf9a440]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xed7c98]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xef6d10]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0xfd4648]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0xfb3740]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2192] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Windows\KMS-R@1n.exe[2228] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\KMS-R@1n.exe[2228] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\KMS-R@1n.exe[2228] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\KMS-R@1n.exe[2228] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\KMS-R@1n.exe[2228] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\KMS-R@1n.exe[2228] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\KMS-R@1n.exe[2228] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Windows\KMS-R@1n.exe[2228] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Windows\KMS-R@1n.exe[2228] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Windows\KMS-R@1n.exe[2228] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x12db70]} .text C:\Windows\KMS-R@1n.exe[2228] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\KMS-R@1n.exe[2228] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\KMS-R@1n.exe[2228] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\KMS-R@1n.exe[2228] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Windows\KMS-R@1n.exe[2228] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\KMS-R@1n.exe[2228] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x163740]} .text C:\Windows\KMS-R@1n.exe[2228] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2268] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2268] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2268] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2268] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2268] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2268] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2268] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2268] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2268] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0xf1dd64]} .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2268] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0xf7db70]} .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2268] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0xf9a440]} .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2268] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xed7c98]} .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2268] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2268] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xef6d10]} .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2268] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0xfd4648]} .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2268] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0xfb3740]} .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2268] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes JMP 0 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70dc000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70dc000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70c7000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70c7000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70cd000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70c4000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70c4000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70f4000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70f4000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70d0000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70d0000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70e5000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70e5000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70ca000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70ca000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70b5000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70b5000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 70fa000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 70fa000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 70fd000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 70fd000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70d9000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70d9000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70f1000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70f1000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70f7000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70f7000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70eb000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70eb000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70ee000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70ee000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70c1000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70c1000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70b8000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70b8000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70d6000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70d6000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70be000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70be000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70d3000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70d3000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70e2000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70e2000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70df000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70df000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7187000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 717e000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 718a000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 7184000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 7181000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 716f000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 7157000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 7145000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 7118000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 715a000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 7160000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 7133000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 7130000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 7100000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c496c0 6 bytes JMP 7178000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e4c431 6 bytes JMP 717b000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7187000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 717e000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 7184000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 7181000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 7157000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 7145000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 715a000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 7160000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 7133000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 7130000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 7100000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 716f000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c496c0 6 bytes JMP 7178000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e4c431 6 bytes JMP 717b000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL d8c00 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 1000100 C:\Windows\system32\SspiCli.dll .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x10d8bc0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0xf6dd64]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0xfcdb70]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0xfea440]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xf27c98]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xf07674]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xf46d10]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x1024648]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe[2432] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes JMP 0 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL 211b00 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 30000 .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0xf6dd64]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0xfcdb70]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0xfea440]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xf27c98]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xf07674]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xf46d10]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x1024648]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x1003740]} .text C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe[2516] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x10d8bc0]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\system32\KERNEL32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\system32\KERNEL32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\system32\KERNEL32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\system32\KERNEL32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\system32\KERNEL32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\system32\KERNEL32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x12db70]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x163740]} .text C:\Program Files\KMSpico\Service_KMS.exe[2584] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL 211b00 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 30000 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x15dd64]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x17db70]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x19a440]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0x117c98]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xf7674]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes JMP 0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x1d4648]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x1b3740]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2652] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x2c8bc0]} .text C:\Windows\system32\conhost.exe[2660] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\system32\conhost.exe[2660] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\system32\conhost.exe[2660] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\system32\conhost.exe[2660] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\system32\conhost.exe[2660] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\system32\conhost.exe[2660] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\system32\conhost.exe[2660] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Windows\system32\conhost.exe[2660] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Windows\system32\conhost.exe[2660] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes JMP 0 .text C:\Windows\system32\conhost.exe[2660] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x12db70]} .text C:\Windows\system32\conhost.exe[2660] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\system32\conhost.exe[2660] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes JMP ab45 .text C:\Windows\system32\conhost.exe[2660] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\system32\conhost.exe[2660] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Windows\system32\conhost.exe[2660] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\system32\conhost.exe[2660] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x163740]} .text C:\Windows\system32\conhost.exe[2660] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes JMP 0 .text C:\Windows\System32\tcpsvcs.exe[2816] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\System32\tcpsvcs.exe[2816] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\System32\tcpsvcs.exe[2816] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\System32\tcpsvcs.exe[2816] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\System32\tcpsvcs.exe[2816] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\System32\tcpsvcs.exe[2816] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\System32\tcpsvcs.exe[2816] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL 211b00 .text C:\Windows\System32\tcpsvcs.exe[2816] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 30000 .text C:\Windows\System32\tcpsvcs.exe[2816] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Windows\System32\tcpsvcs.exe[2816] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x12db70]} .text C:\Windows\System32\tcpsvcs.exe[2816] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\System32\tcpsvcs.exe[2816] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\System32\tcpsvcs.exe[2816] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\System32\tcpsvcs.exe[2816] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Windows\System32\tcpsvcs.exe[2816] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\System32\tcpsvcs.exe[2816] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x163740]} .text C:\Windows\System32\tcpsvcs.exe[2816] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Windows\system32\svchost.exe[2904] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Windows\system32\svchost.exe[2904] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x12db70]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes JMP 6f2d .text C:\Windows\system32\svchost.exe[2904] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\system32\svchost.exe[2904] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes JMP 6e0069 .text C:\Windows\system32\svchost.exe[2904] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes JMP 0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL 211b00 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 30000 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x15dd64]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x17db70]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x19a440]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes JMP 0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes JMP 0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0x136d10]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x1d4648]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x1b3740]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[2932] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x2c8bc0]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL 211b00 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 30000 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\system32\svchost.exe[2972] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes JMP 163780 .text C:\Windows\system32\svchost.exe[2972] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70dc000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70dc000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70c7000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70c7000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70cd000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70c4000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70c4000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70f4000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70f4000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70d0000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70d0000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70e5000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70e5000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70ca000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70ca000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70b5000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70b5000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 70fa000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 70fa000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 70fd000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 70fd000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70d9000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70d9000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70f1000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70f1000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70f7000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70f7000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70eb000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70eb000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70ee000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70ee000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70c1000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70c1000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70b8000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70b8000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70d6000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70d6000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70be000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70be000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70d3000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70d3000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70e2000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70e2000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70df000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70df000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7187000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 717e000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 718a000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 7184000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 7181000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 7157000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 7145000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 7118000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 715a000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 7160000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 7133000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 7130000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 7100000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 716f000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c496c0 6 bytes JMP 7178000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e4c431 6 bytes JMP 717b000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3012] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x15dd64]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x17db70]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x19a440]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0x117c98]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xf7674]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0x136d10]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x1d4648]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x1b3740]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3028] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x2c8bc0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL 211b00 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 30000 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x15dd64]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x17db70]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x19a440]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0x117c98]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xf7674]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0x136d10]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x1d4648]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x1b3740]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3036] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x2c8bc0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL 211b00 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 30000 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x15dd64]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x17db70]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x19a440]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0x117c98]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xf7674]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0x136d10]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x1d4648]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x1b3740]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3044] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x2c8bc0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x15dd64]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x17db70]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x19a440]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0x117c98]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xf7674]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0x136d10]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x1d4648]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x1b3740]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3052] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x2c8bc0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 0 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x15dd64]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes JMP 1000c .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes JMP 60000 .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0x117c98]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xf7674]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0x136d10]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x1d4648]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x1b3740]} .text C:\Program Files\PostgreSQL\9.2\bin\postgres.exe[3064] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x2c8bc0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL d8c00 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 1000100 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x10d8bc0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0xf6dd64]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0xfcdb70]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0xfea440]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xf27c98]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xf07674]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xf46d10]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x1024648]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3472] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x1003740]} .text C:\Windows\system32\svchost.exe[3684] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\system32\svchost.exe[3684] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\system32\svchost.exe[3684] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\system32\svchost.exe[3684] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\system32\svchost.exe[3684] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\system32\svchost.exe[3684] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\system32\svchost.exe[3684] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL 211b00 .text C:\Windows\system32\svchost.exe[3684] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 30000 .text C:\Windows\system32\svchost.exe[3684] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Windows\system32\svchost.exe[3684] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[3684] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\system32\svchost.exe[3684] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\system32\svchost.exe[3684] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\system32\svchost.exe[3684] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Windows\system32\svchost.exe[3684] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\system32\svchost.exe[3684] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[3684] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP fd571758 .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes JMP 0 .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes JMP 0 .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes JMP 9bc97270 .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0x117c98]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xf7674]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0x136d10]} .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes JMP 0 .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes JMP ffffffff .text C:\Windows\system32\wbem\wmiprvse.exe[3276] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes JMP 0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes JMP 2d186a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes JMP ee868 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4560] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes JMP 0 .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x12db70]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes JMP 10002 .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x163740]} .text C:\Windows\system32\nvvsvc.exe[4572] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes JMP 1000c .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x163740]} .text C:\Windows\system32\taskeng.exe[5080] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes JMP 0 .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL d8c00 .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 1000100 .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x12db70]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes JMP 0 .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes JMP 0 .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x163740]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\system32\ws2_32.dll!connect + 1 0000000004d745c1 5 bytes {JMP QWORD [RIP-0x18458e]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\system32\ws2_32.dll!getsockname 0000000004d79480 6 bytes {JMP QWORD [RIP-0x1893de]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\system32\ws2_32.dll!WSAConnect 0000000004d9e0f0 6 bytes {JMP QWORD [RIP-0x1ae086]} .text C:\Windows\system32\taskhost.exe[4752] C:\Windows\system32\ws2_32.dll!getpeername 0000000004d9e450 6 bytes {JMP QWORD [RIP-0x1ae376]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL d8c00 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 1000100 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x10d8bc0]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0xf6dd64]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0xfcdb70]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0xfea440]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xf27c98]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xf07674]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xf46d10]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x1024648]} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[4740] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x1003740]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Windows\system32\conhost.exe[1488] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Windows\system32\conhost.exe[1488] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x12db70]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Windows\system32\conhost.exe[1488] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes JMP 0 .text C:\Windows\system32\conhost.exe[1488] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes JMP 6f0067 .text C:\Windows\system32\conhost.exe[1488] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes JMP 0 .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes JMP 4400431 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes JMP 0 .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\system32\ws2_32.dll!connect + 1 00000000021745c1 5 bytes JMP 89b90000 .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\system32\ws2_32.dll!getsockname 0000000002179480 4 bytes JMP 1a8d0000 .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\system32\ws2_32.dll!getsockname + 5 0000000002179485 1 byte [00] .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\system32\ws2_32.dll!WSAConnect 000000000219e0f0 6 bytes {JMP QWORD [RIP+0xe1f7a]} .text C:\Windows\system32\taskeng.exe[5108] C:\Windows\system32\ws2_32.dll!getpeername 000000000219e450 6 bytes {JMP QWORD [RIP+0xe1c8a]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes JMP 78787878 .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL 211b00 .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 30000 .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x12db70]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x163740]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\system32\ws2_32.dll!connect + 1 00000000024b45c1 5 bytes {JMP QWORD [RIP+0xeba72]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\system32\ws2_32.dll!getsockname 00000000024b9480 6 bytes {JMP QWORD [RIP+0xe6c22]} .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\system32\ws2_32.dll!WSAConnect 00000000024de0f0 6 bytes JMP 90000 .text C:\Windows\system32\Dwm.exe[5132] C:\Windows\system32\ws2_32.dll!getpeername 00000000024de450 6 bytes JMP 0 .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70dc000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70dc000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70c7000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70c7000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70cd000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70c4000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70c4000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70f4000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70f4000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70d0000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70d0000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70e5000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70e5000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70ca000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70ca000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70b5000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70b5000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 70fa000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 70fa000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 70fd000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 70fd000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70d9000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70d9000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70f1000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70f1000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70f7000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70f7000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70eb000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70eb000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70ee000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70ee000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70c1000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70c1000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70b8000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70b8000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70d6000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70d6000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70be000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70be000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70d3000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70d3000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70e2000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70e2000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70df000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70df000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7187000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 717e000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 718a000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 7184000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 7181000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 7157000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 7145000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 7118000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 715a000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 7160000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 7133000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 7130000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 7100000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 716f000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c496c0 6 bytes JMP 7178000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e4c431 6 bytes JMP 717b000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\WS2_32.dll!ioctlsocket + 38 0000000076c130aa 7 bytes JMP 0000000105480095 .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\WS2_32.dll!recv + 202 0000000076c16bd8 7 bytes JMP 000000010548002d .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\WS2_32.dll!WSARecv + 185 0000000076c17142 7 bytes JMP 00000001054800c9 .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5372] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom + 148 0000000076c1cc3a 7 bytes JMP 0000000105480061 .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes JMP 690077 .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes JMP 8644940 .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes JMP 0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes JMP 0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes JMP 0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL 211b00 C:\Program Files\Logitech Gaming Software\QtHelp4.dll .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 30000 .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0xf6dd64]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0xfcdb70]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0xfea440]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xf27c98]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xf07674]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xf46d10]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x1024648]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x1003740]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x10d8bc0]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefde045c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\system32\WS2_32.dll!getsockname 000007fefde09480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefde2e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[5572] C:\Windows\system32\WS2_32.dll!getpeername 000007fefde2e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70b5000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70b5000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70d6000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70d6000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70c1000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70c1000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70c7000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70c7000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70be000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70be000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70ee000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70ee000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70ca000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70ca000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70e2000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70e2000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70df000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70df000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70c4000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70c4000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70af000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70af000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 70f4000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 70f4000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 70f7000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 70f7000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70d3000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70d3000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70eb000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70eb000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70f1000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70f1000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70e5000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70e5000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70e8000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70e8000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70bb000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70bb000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70b2000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70b2000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70d0000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70d0000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70b8000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70b8000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70cd000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70cd000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70dc000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70dc000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70d9000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70d9000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7181000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 7178000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 7184000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 717e000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 717b000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 7187000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 716f000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 7166000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 716c000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 7169000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 7151000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 7145000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 7100000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 713f000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 7139000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 7157000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 7106000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 7106000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 714b000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 711e000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 7115000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 7115000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 70fd000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 7112000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 7112000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 714e000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 7148000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 7154000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 7142000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 7103000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 715a000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 712d000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 7133000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 713c000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 715d000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 710f000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 710f000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 712a000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 7127000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 711b000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 7121000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 7121000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 7124000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 7124000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 7109000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 70fa000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 7160000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 7163000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 7136000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 7130000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 710c000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 710c000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 7118000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 7118000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c496c0 6 bytes JMP 7172000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e4c431 6 bytes JMP 7175000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe[5592] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0xf6dd64]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0xfcdb70]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0xfea440]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xf27c98]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xf07674]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xf46d10]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x1024648]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x1003740]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefde045c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\system32\WS2_32.dll!getsockname 000007fefde09480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefde2e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\system32\WS2_32.dll!getpeername 000007fefde2e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[5604] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x10d8bc0]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0xf1dd64]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0xf7db70]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0xf9a440]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xed7c98]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xef6d10]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0xfd4648]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0xfb3740]} .text C:\Program Files\Logitech\SetPointP\LBTWiz.exe[5616] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70dc000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70dc000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70c7000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70c7000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70cd000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70c4000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70c4000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70f4000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70f4000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70d0000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70d0000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70e5000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70e5000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70ca000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70ca000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70b5000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70b5000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 70fa000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 70fa000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 70fd000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 70fd000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70d9000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70d9000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70f1000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70f1000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70f7000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70f7000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70eb000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70eb000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70ee000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70ee000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70c1000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70c1000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70b8000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70b8000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70d6000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70d6000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70be000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70be000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70d3000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70d3000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70e2000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70e2000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70df000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70df000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7187000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 717e000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 718a000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 7184000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 7181000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c92bcd 5 bytes JMP 00000001000631c2 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\WS2_32.dll!ioctlsocket + 38 0000000076c130aa 7 bytes JMP 00000001029d0095 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\WS2_32.dll!recv + 202 0000000076c16bd8 7 bytes JMP 00000001029d002d .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\WS2_32.dll!WSARecv + 185 0000000076c17142 7 bytes JMP 00000001029d00c9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom + 148 0000000076c1cc3a 7 bytes JMP 00000001029d0061 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 7157000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 7145000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 7118000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 715a000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 7160000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 7133000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 7130000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 7100000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 716f000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c496c0 6 bytes JMP 7178000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e4c431 6 bytes JMP 717b000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0xf1dd64]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0xf7db70]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0xf9a440]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xed7c98]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xef6d10]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0xfd4648]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0xfb3740]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\system32\ws2_32.dll!connect + 1 0000000003a445c1 5 bytes {JMP QWORD [RIP+0x5bba72]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\system32\ws2_32.dll!getsockname 0000000003a49480 6 bytes {JMP QWORD [RIP+0x5b6c22]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\system32\ws2_32.dll!WSAConnect 0000000003a6e0f0 6 bytes {JMP QWORD [RIP+0x591f7a]} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5788] C:\Windows\system32\ws2_32.dll!getpeername 0000000003a6e450 6 bytes {JMP QWORD [RIP+0x591c8a]} .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70bb000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70bb000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70dc000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70dc000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70c7000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70c7000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70cd000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70cd000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70c4000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70c4000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70f4000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70f4000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70d0000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70d0000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70e8000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70e8000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70e5000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70e5000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70ca000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70ca000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70b5000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70b5000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 70fa000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 70fa000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 70fd000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 70fd000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70d9000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70d9000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70f1000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70f1000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70f7000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70f7000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70eb000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70eb000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70ee000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70ee000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70c1000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70c1000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70b8000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70b8000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70d6000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70d6000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70be000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70be000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70d3000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70d3000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70e2000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70e2000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70df000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70df000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7187000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 717e000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 718a000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 7184000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 7181000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\WS2_32.dll!ioctlsocket + 38 0000000076c130aa 7 bytes JMP 0000000102e20095 .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\WS2_32.dll!recv + 202 0000000076c16bd8 7 bytes JMP 0000000102e2002d .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\WS2_32.dll!WSARecv + 185 0000000076c17142 7 bytes JMP 0000000102e200c9 .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom + 148 0000000076c1cc3a 7 bytes JMP 0000000102e20061 .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 718d000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 7175000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 716c000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 7172000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 716f000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 7157000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 714b000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 7106000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 7145000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 713f000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 715d000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 710c000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 710c000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 7151000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 7124000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 711b000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 711b000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 7103000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 7118000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 7118000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 7154000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 714e000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 715a000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 7148000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 7109000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 7160000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 7133000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 7139000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 7142000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 7163000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 7115000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 7115000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 7130000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 712d000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 7121000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 7127000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 7127000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 712a000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 712a000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 710f000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 7100000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 7166000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 7169000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 713c000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 7136000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 7112000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 7112000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 711e000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 711e000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c496c0 6 bytes JMP 7178000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e4c431 6 bytes JMP 717b000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\Steam.exe[5900] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0xf1dd64]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0xf7db70]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0xf9a440]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xed7c98]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xef6d10]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0xfd4648]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0xfb3740]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes JMP 0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\system32\ws2_32.dll!connect + 1 0000000003c045c1 5 bytes {JMP QWORD [RIP-0x5458e]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\system32\ws2_32.dll!getsockname 0000000003c09480 6 bytes {JMP QWORD [RIP-0x593de]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\system32\ws2_32.dll!WSAConnect 0000000003c2e0f0 6 bytes {JMP QWORD [RIP-0x7e086]} .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[5944] C:\Windows\system32\ws2_32.dll!getpeername 0000000003c2e450 6 bytes {JMP QWORD [RIP-0x7e376]} .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70b5000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70b5000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70d6000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70d6000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70c1000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70c1000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70c7000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70c7000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70be000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70be000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70ee000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70ee000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70ca000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70ca000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70e2000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70e2000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70df000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70df000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70c4000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70c4000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70af000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70af000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 70f4000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 70f4000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 70f7000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 70f7000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70d3000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70d3000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70eb000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70eb000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70f1000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70f1000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70e5000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70e5000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70e8000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70e8000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70bb000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70bb000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70b2000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70b2000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70d0000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70d0000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70b8000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70b8000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70cd000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70cd000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70dc000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70dc000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70d9000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70d9000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7181000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 7178000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 7184000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 717e000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 717b000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 7187000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 716f000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 7166000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 716c000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 7169000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 7151000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 7145000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 7100000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 713f000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 7139000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 7157000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 7106000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 7106000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 714b000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 711e000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 7115000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 7115000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 70fd000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 7112000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 7112000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 714e000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 7148000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 7154000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 7142000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 7103000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 715a000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 712d000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 7133000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 713c000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 715d000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 710f000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 710f000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 712a000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 7127000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 711b000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 7121000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 7121000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 7124000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 7124000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 7109000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 70fa000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 7160000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 7163000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 7136000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 7130000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 710c000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 710c000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 7118000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 7118000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c496c0 6 bytes JMP 7172000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e4c431 6 bytes JMP 7175000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe[6024] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70b5000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70b5000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70d6000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70d6000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70c1000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70c1000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70c7000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70c7000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70be000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70be000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70ee000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70ee000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70ca000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70ca000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70e2000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70e2000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70df000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70df000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70c4000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70c4000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70af000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70af000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 70f4000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 70f4000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 70f7000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 70f7000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70d3000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70d3000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70eb000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70eb000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70f1000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70f1000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70e5000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70e5000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70e8000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70e8000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70bb000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70bb000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70b2000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70b2000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70d0000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70d0000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70b8000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70b8000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70cd000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70cd000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70dc000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70dc000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70d9000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70d9000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7181000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 7178000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 7184000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 717e000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 717b000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 7187000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 716f000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 7166000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 716c000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 7169000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 7151000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 7145000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 7100000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 713f000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 7139000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 7157000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 7106000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 7106000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 714b000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 711e000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 7115000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 7115000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 70fd000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 7112000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 7112000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 714e000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 7148000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 7154000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 7142000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 7103000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 715a000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 712d000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 7133000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 713c000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 715d000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 710f000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 710f000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 712a000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 7127000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 711b000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 7121000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 7121000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 7124000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 7124000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 7109000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 70fa000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 7160000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 7163000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 7136000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 7130000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 710c000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 710c000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 7118000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 7118000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c496c0 6 bytes JMP 7172000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e4c431 6 bytes JMP 7175000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\WS2_32.dll!ioctlsocket + 38 0000000076c130aa 7 bytes JMP 0000000104ba0095 .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\WS2_32.dll!recv + 202 0000000076c16bd8 7 bytes JMP 0000000104ba002d .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\WS2_32.dll!WSARecv + 185 0000000076c17142 7 bytes JMP 0000000104ba00c9 .text C:\Program Files (x86)\uTorrent\uTorrent.exe[6036] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom + 148 0000000076c1cc3a 7 bytes JMP 0000000104ba0061 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes JMP 0 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0xfcdb70]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0xfea440]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xf27c98]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xf07674]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes JMP e8000000 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x1024648]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes JMP 41500000 .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefde045c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\system32\WS2_32.dll!getsockname 000007fefde09480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefde2e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\system32\WS2_32.dll!getpeername 000007fefde2e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe[5204] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes JMP 222c7d30 .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70bb000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70bb000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70dc000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70dc000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70c7000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70c7000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70cd000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70cd000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70c4000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70c4000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70f4000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70f4000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70d0000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70d0000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70e8000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70e8000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70e5000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70e5000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70ca000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70ca000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70b5000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70b5000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 70fa000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 70fa000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 70fd000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 70fd000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70d9000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70d9000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70f1000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70f1000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70f7000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70f7000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70eb000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70eb000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70ee000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70ee000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70c1000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70c1000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70b8000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70b8000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70d6000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70d6000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70be000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70be000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70d3000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70d3000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70e2000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70e2000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70df000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70df000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7187000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 717e000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 718a000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 7184000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 7181000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 7157000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 714b000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 7106000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 7145000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 713f000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 715d000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 710c000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 710c000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 7151000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 7124000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 711b000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 711b000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 7103000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 7118000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 7118000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 7154000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 714e000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 715a000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 7148000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 7109000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 7160000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 7133000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 7139000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 7142000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 7163000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 7115000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 7115000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 7130000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 712d000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 7121000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 7127000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 7127000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 712a000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 712a000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 710f000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 7100000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 7166000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 7169000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 713c000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 7136000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 7112000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 7112000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 711e000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 711e000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 718d000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 7175000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 716c000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 7172000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 716f000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c496c0 6 bytes JMP 7178000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e4c431 6 bytes JMP 717b000a .text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5432] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70be000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70be000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70df000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70df000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7187000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 717e000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 7184000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 7181000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 7157000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 7145000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 7118000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 715a000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 7160000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 7133000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 7130000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 7100000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 716f000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c496c0 6 bytes JMP 7178000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e4c431 6 bytes JMP 717b000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5260] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0xf6dd64]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0xfcdb70]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0xfea440]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xf27c98]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xf07674]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xf46d10]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x1024648]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x1003740]} .text C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe[6460] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x10d8bc0]} .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70be000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70be000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70df000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70df000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7187000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 717e000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 7184000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 7181000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 7157000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 7145000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 7118000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 715a000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 7160000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 7133000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 7130000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 7100000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 716f000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c496c0 6 bytes JMP 7178000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e4c431 6 bytes JMP 717b000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[6584] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 7100000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 7100000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 7103000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 7103000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70df000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70df000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70be000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70be000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7187000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 717e000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 7184000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 7181000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 717b000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 7172000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 7178000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 7175000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 715d000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 7151000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 710c000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 714b000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 7145000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 7163000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 7112000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 7112000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 7157000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 712a000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 7121000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 7121000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 7109000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 711e000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 711e000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 715a000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 7154000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 7160000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 714e000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 710f000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 7166000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 7139000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 713f000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 7148000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 7169000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 711b000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 711b000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 7136000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 7133000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 7127000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 712d000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 712d000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 7130000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 7130000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 7115000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 7106000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 716c000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 716f000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 7142000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 713c000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 7118000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 7118000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 7124000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 7124000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\shell32.DLL!SHFileOperationW 0000000075c496c0 6 bytes JMP 70b5000a .text C:\Program Files (x86)\Ad Muncher\AdMunch.exe[6604] C:\Windows\syswow64\shell32.DLL!SHFileOperation 0000000075e4c431 6 bytes JMP 70b8000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70be000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70be000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70df000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70df000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7187000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 717e000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 7184000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 7181000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\WS2_32.dll!ioctlsocket + 38 0000000076c130aa 7 bytes JMP 0000000102cc0095 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\WS2_32.dll!recv + 202 0000000076c16bd8 7 bytes JMP 0000000102cc002d .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\WS2_32.dll!WSARecv + 185 0000000076c17142 7 bytes JMP 0000000102cc00c9 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom + 148 0000000076c1cc3a 7 bytes JMP 0000000102cc0061 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 7157000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 7145000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 7118000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 715a000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 7160000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 7133000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 7130000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 7100000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 716f000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c496c0 6 bytes JMP 7178000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e4c431 6 bytes JMP 717b000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[6780] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70c1000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70c1000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70e2000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70e2000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70cd000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70cd000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70d3000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70d3000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70ca000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70ca000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70fa000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70fa000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70d6000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70d6000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70ee000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70ee000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70eb000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70eb000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70d0000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70d0000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70bb000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70bb000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 7100000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 7100000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 7103000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 7103000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70df000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70df000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70f7000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70f7000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70fd000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70fd000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70f1000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70f1000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70f4000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70f4000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70c7000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70c7000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70be000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70be000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70dc000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70dc000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70c4000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70c4000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70d9000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70d9000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70e8000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70e8000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70e5000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70e5000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7187000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 717e000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 718a000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 7184000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 7181000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 715d000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 7151000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 710c000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 714b000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 7145000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 7163000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 7112000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 7112000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 7157000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 712a000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 7121000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 7121000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 7109000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 711e000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 711e000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 715a000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 7154000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 7160000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 714e000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 710f000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 7166000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 7139000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 713f000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 7148000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 7169000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 711b000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 711b000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 7136000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 7133000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 7127000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 712d000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 712d000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 7130000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 7130000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 7115000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 7106000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 716c000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 716f000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 7142000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 713c000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 7118000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 7118000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 7124000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 7124000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 718d000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 717b000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 7172000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 7178000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 7175000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c496c0 6 bytes JMP 70b5000a .text C:\Windows\SysWOW64\CtHelper.exe[6864] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e4c431 6 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7187000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 717e000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 7184000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 7181000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 7157000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 7145000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 715a000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 7160000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 7133000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 7130000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 7100000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 716f000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c496c0 6 bytes JMP 7178000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e4c431 6 bytes JMP 717b000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[7000] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70bb000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70c7000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70c4000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70f4000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70d0000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70e8000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70ca000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70b5000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 70fd000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70d9000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70f1000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70f7000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70eb000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70ee000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70c1000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70b8000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70d6000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70be000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70d3000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70e2000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70df000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7187000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 717e000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 718a000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 7184000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 7181000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 7175000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 716c000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 7172000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 716f000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 7157000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 714b000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 7106000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 7145000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 713f000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 715d000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 710c000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 7151000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 7124000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 711b000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 7103000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 7118000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 7154000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 714e000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 715a000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 7148000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 7109000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 7160000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 7133000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 7139000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 7142000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 7163000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 7115000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 7130000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 712d000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 7121000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 7127000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 712a000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 710f000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 7100000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 7166000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 7169000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 713c000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 7136000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 7112000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 711e000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c496c0 6 bytes JMP 7178000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e4c431 6 bytes JMP 717b000a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[7012] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70c1000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70c1000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70e2000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70e2000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70cd000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70cd000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70d3000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70d3000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70ca000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70ca000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70fa000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70fa000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70d6000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70d6000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70ee000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70ee000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70eb000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70eb000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70d0000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70d0000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70bb000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70bb000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 7100000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 7100000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 7103000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 7103000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70df000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70df000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70f7000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70f7000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70fd000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70fd000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70f1000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70f1000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70f4000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70f4000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70c7000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70c7000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70be000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70be000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70dc000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70dc000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70c4000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70c4000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70d9000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70d9000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70e8000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70e8000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70e5000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70e5000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7187000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 717e000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 718a000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 7184000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 7181000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 715d000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 7151000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 710c000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 714b000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 7145000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 7163000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 7112000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 7112000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 7157000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 712a000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 7121000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 7121000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 7109000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 711e000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 711e000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 715a000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 7154000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 7160000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 714e000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 710f000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 7166000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 7139000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 713f000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 7148000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 7169000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 711b000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 711b000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 7136000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 7133000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 7127000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 712d000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 712d000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 7130000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 7130000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 7115000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 7106000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 716c000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 716f000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 7142000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 713c000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 7118000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 7118000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 7124000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 7124000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 718d000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 717b000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 7172000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 7178000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 7175000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c496c0 6 bytes JMP 70b5000a .text C:\Program Files (x86)\TeamViewer\tv_w32.exe[7024] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e4c431 6 bytes JMP 70b8000a .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL 211b00 .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 30000 .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x12db70]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x163740]} .text C:\Program Files (x86)\TeamViewer\tv_x64.exe[7052] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70c1000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70c1000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70e2000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70e2000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70cd000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70cd000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70d3000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70d3000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70ca000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70ca000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70fa000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70fa000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70d6000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70d6000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70ee000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70ee000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70eb000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70eb000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70d0000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70d0000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70bb000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70bb000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 7100000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 7100000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 7103000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 7103000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70df000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70df000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70f7000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70f7000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70fd000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70fd000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70f1000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70f1000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70f4000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70f4000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70c7000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70c7000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70be000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70be000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70dc000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70dc000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70c4000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70c4000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70d9000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70d9000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70e8000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70e8000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70e5000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70e5000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7187000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 717e000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 718a000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 7184000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 7181000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 715d000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 7151000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 710c000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 714b000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 7145000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 7163000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 7112000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 7112000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 7157000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 712a000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 7121000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 7121000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 7109000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 711e000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 711e000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 715a000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 7154000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 7160000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 714e000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 710f000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 7166000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 7139000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 713f000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 7148000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 7169000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 711b000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 711b000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 7136000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 7133000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 7127000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 712d000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 712d000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 7130000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 7130000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 7115000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 7106000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 716c000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 716f000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 7142000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 713c000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 7118000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 7118000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 7124000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 7124000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 718d000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 717b000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 7172000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 7178000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 7175000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c496c0 6 bytes JMP 70b5000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e4c431 6 bytes JMP 70b8000a .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\ws2_32.dll!ioctlsocket + 38 0000000076c130aa 7 bytes JMP 00000001041d0095 .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\ws2_32.dll!recv + 202 0000000076c16bd8 7 bytes JMP 00000001041d002d .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\ws2_32.dll!WSARecv + 185 0000000076c17142 7 bytes JMP 00000001041d00c9 .text D:\Games\Steam\bin\steamwebhelper.exe[5928] C:\Windows\syswow64\ws2_32.dll!WSARecvFrom + 148 0000000076c1cc3a 7 bytes JMP 00000001041d0061 .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[6920] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[6920] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[6920] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[6920] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[6920] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[6920] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[6920] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[6920] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[6920] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[6920] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes JMP 0 .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[6920] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[6920] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[6920] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[6920] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[6920] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes JMP 0 .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[6920] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x163740]} .text C:\Program Files (x86)\Ad Muncher\AdMunch64.exe[6920] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes JMP dda765c7 .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes JMP 80011400 .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes JMP c2150301 .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes JMP 0 .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes JMP 572c2302 .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes JMP e1a .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes JMP 1140070 .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes JMP 5d9a6320 .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes JMP 210e7f00 .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes JMP c001a701 .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes JMP 20d090e .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes JMP 78010b .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes JMP 997b6598 .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes JMP 1800440 C:\Windows\system32\SHELL32.dll .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes JMP eaebe4e2 .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL 211b00 .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x12db70]} .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x163740]} .text C:\Windows\system32\SearchIndexer.exe[7236] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7392] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7392] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[7392] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x2c8bc0]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL 211b00 .text C:\Windows\System32\svchost.exe[7584] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 30000 .text C:\Windows\System32\svchost.exe[7584] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x12db70]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x163740]} .text C:\Windows\System32\svchost.exe[7584] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes JMP 0 .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70b5000a .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70b5000a .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes [D5, 70] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70c1000a .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70c1000a .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70c7000a .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70c7000a .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes [BD, 70] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70ee000a .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70ee000a .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70ca000a .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70ca000a .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes [E1, 70] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70df000a .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70df000a .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70c4000a .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70c4000a .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes [AE, 70] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes [F3, 70] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 70f7000a .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 70f7000a .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes [D2, 70] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes [EA, 70] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes [F0, 70] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes [E4, 70] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes [E7, 70] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes [BA, 70] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70b2000a .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70b2000a .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes [CF, 70] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes [B7, 70] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes [CC, 70] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes [DB, 70] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes [D8, 70] .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes {JMP QWORD [RIP+0x7180001e]} .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes {JMP QWORD [RIP+0x7177001e]} .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes {JMP QWORD [RIP+0x7183001e]} .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes {JMP QWORD [RIP+0x717d001e]} .text C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe[6904] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes {JMP QWORD [RIP+0x717a001e]} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70bb000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70bb000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70dc000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70dc000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70c7000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70c7000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70cd000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70cd000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70c4000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70c4000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70f4000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70f4000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70d0000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70d0000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70e8000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70e8000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70e5000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70e5000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70ca000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70ca000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70b5000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70b5000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 70fa000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 70fa000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 70fd000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 70fd000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70d9000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70d9000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70f1000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70f1000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70f7000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70f7000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70eb000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70eb000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70ee000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70ee000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70c1000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70c1000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70b8000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70b8000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70d6000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70d6000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70be000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70be000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70d3000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70d3000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70e2000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70e2000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70df000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70df000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7187000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\KERNEL32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 717e000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 718a000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\KERNEL32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 7184000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\KERNEL32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 7181000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 7157000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 714b000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 7106000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 7145000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 713f000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 715d000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 710c000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 710c000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 7151000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 7124000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 711b000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 711b000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 7103000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 7118000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 7118000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 7154000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 714e000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 715a000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 7148000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 7109000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 7160000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 7133000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 7139000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 7142000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 7163000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 7115000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 7115000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 7130000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 712d000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 7121000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 7127000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 7127000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 712a000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 712a000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 710f000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 7100000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 7166000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 7169000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 713c000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 7136000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 7112000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 7112000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 711e000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 711e000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 718d000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 7175000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 716c000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 7172000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 716f000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c496c0 6 bytes JMP 7178000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e4c431 6 bytes JMP 717b000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70c1000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70c1000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70e2000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70e2000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70cd000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70cd000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70d3000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70d3000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70ca000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70ca000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70fa000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70fa000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70d6000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70d6000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70ee000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70ee000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70eb000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70eb000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70d0000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70d0000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70bb000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70bb000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 7100000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 7100000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 7103000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 7103000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70df000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70df000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70f7000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70f7000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70fd000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70fd000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70f1000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70f1000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70f4000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70f4000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70c7000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70c7000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70be000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70be000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70dc000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70dc000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70c4000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70c4000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70d9000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70d9000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70e8000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70e8000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70e5000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70e5000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7187000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\KERNEL32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 717e000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 718a000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\KERNEL32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 7184000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\KERNEL32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 7181000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 715d000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 7151000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 710c000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 714b000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 7145000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 7163000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 7112000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 7112000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 7157000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 712a000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 7121000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 7121000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 7109000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 711e000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 711e000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 715a000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 7154000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 7160000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 714e000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 710f000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 7166000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 7139000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 713f000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 7148000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 7169000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 711b000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 711b000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 7136000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 7133000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 7127000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 712d000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 712d000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 7130000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 7130000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 7115000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 7106000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 716c000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 716f000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 7142000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 713c000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 7118000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 7118000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 7124000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 7124000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 718d000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 717b000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 7172000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 7178000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 7175000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c496c0 6 bytes JMP 70b5000a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2900] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e4c431 6 bytes JMP 70b8000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077c3fa51 7 bytes {MOV EDX, 0xabd2e8; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 0000000077c3facd 7 bytes {MOV EDX, 0xabd1a8; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70bf000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70bf000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 0000000077c3fbe5 7 bytes {MOV EDX, 0xabd168; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077c3fc95 7 bytes {MOV EDX, 0xabd328; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077c3fcc5 7 bytes {MOV EDX, 0xabd268; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077c3fcdd 7 bytes {MOV EDX, 0xabd128; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077c3fcf5 7 bytes {MOV EDX, 0xabd3e8; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077c3fd25 7 bytes {MOV EDX, 0xabd428; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70e2000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70e2000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077c3fda5 7 bytes {MOV EDX, 0xabd3a8; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077c3fdbd 7 bytes {MOV EDX, 0xabd368; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077c3fe09 7 bytes {MOV EDX, 0xabd068; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70d3000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70d3000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077c3ff01 7 bytes {MOV EDX, 0xabd0a8; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70c8000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70c8000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70fa000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70fa000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70d6000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70d6000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70ee000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70ee000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70eb000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70eb000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077c40159 7 bytes {MOV EDX, 0xabd028; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70b9000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70b9000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 7100000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 7100000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 7103000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 7103000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70df000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70df000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70f7000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70f7000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70fd000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70fd000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70f1000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70f1000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70f4000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70f4000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70c5000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70c5000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70bc000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70bc000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70dc000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70dc000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70c2000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70c2000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000077c410bd 7 bytes {MOV EDX, 0xabd1e8; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077c41165 7 bytes {MOV EDX, 0xabd2a8; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077c411dd 7 bytes {MOV EDX, 0xabd228; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077c413e1 7 bytes {MOV EDX, 0xabd0e8; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70d9000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70d9000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70e8000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70e8000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70e5000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70e5000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7187000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 717e000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 718a000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 7184000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 7181000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 715d000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 7151000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 710c000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 714b000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 7145000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 7163000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 7112000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 7112000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 7157000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 712a000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 7121000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 7121000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 7109000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 711e000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 711e000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 715a000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 7154000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 7160000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 714e000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 710f000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 7166000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 7139000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 713f000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 7148000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 7169000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 711b000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 711b000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 7136000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 7133000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 7127000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 712d000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 712d000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 7130000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 7130000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 7115000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 7106000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 716c000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 716f000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 7142000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 713c000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 7118000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 7118000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 7124000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 7124000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 718d000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 717b000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 7172000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 7178000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 7175000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c496c0 6 bytes JMP 70b3000a .text D:\Games\Steam\bin\steamwebhelper.exe[3312] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e4c431 6 bytes JMP 70b6000a .text C:\Windows\system32\svchost.exe[8056] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\system32\svchost.exe[8056] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\system32\svchost.exe[8056] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\system32\svchost.exe[8056] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\system32\svchost.exe[8056] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\system32\svchost.exe[8056] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\system32\svchost.exe[8056] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL 211b00 .text C:\Windows\system32\svchost.exe[8056] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 30000 .text C:\Windows\system32\svchost.exe[8056] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Windows\system32\svchost.exe[8056] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x12db70]} .text C:\Windows\system32\svchost.exe[8056] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\system32\svchost.exe[8056] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\system32\svchost.exe[8056] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\system32\svchost.exe[8056] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Windows\system32\svchost.exe[8056] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\system32\svchost.exe[8056] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x163740]} .text C:\Windows\system32\svchost.exe[8056] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Windows\System32\NETSTAT.EXE[5540] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\System32\NETSTAT.EXE[5540] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\System32\NETSTAT.EXE[5540] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\System32\NETSTAT.EXE[5540] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\System32\NETSTAT.EXE[5540] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\System32\NETSTAT.EXE[5540] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\System32\NETSTAT.EXE[5540] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL 211b00 .text C:\Windows\System32\NETSTAT.EXE[5540] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 30000 .text C:\Windows\System32\NETSTAT.EXE[5540] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes JMP 0 .text C:\Windows\System32\NETSTAT.EXE[5540] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x17db70]} .text C:\Windows\System32\NETSTAT.EXE[5540] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes JMP 0 .text C:\Windows\System32\NETSTAT.EXE[5540] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0x117c98]} .text C:\Windows\System32\NETSTAT.EXE[5540] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xf7674]} .text C:\Windows\System32\NETSTAT.EXE[5540] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0x136d10]} .text C:\Windows\System32\NETSTAT.EXE[5540] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes JMP fcffd740 .text C:\Windows\System32\NETSTAT.EXE[5540] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes JMP 0 .text C:\Windows\System32\NETSTAT.EXE[5540] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x2c8bc0]} .text C:\Windows\system32\conhost.exe[3464] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\system32\conhost.exe[3464] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\system32\conhost.exe[3464] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\system32\conhost.exe[3464] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\system32\conhost.exe[3464] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\system32\conhost.exe[3464] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\system32\conhost.exe[3464] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Windows\system32\conhost.exe[3464] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Windows\system32\conhost.exe[3464] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Windows\system32\conhost.exe[3464] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x12db70]} .text C:\Windows\system32\conhost.exe[3464] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\system32\conhost.exe[3464] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\system32\conhost.exe[3464] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\system32\conhost.exe[3464] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Windows\system32\conhost.exe[3464] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\system32\conhost.exe[3464] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x163740]} .text C:\Windows\system32\conhost.exe[3464] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077c3fa51 7 bytes {MOV EDX, 0xdc92e8; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 0000000077c3facd 7 bytes {MOV EDX, 0xdc91a8; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70bf000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70bf000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 0000000077c3fbe5 7 bytes {MOV EDX, 0xdc9168; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077c3fc95 7 bytes {MOV EDX, 0xdc9328; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077c3fcc5 7 bytes {MOV EDX, 0xdc9268; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077c3fcdd 7 bytes {MOV EDX, 0xdc9128; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077c3fcf5 7 bytes {MOV EDX, 0xdc93e8; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077c3fd25 7 bytes {MOV EDX, 0xdc9428; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70e2000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70e2000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077c3fda5 7 bytes {MOV EDX, 0xdc93a8; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077c3fdbd 7 bytes {MOV EDX, 0xdc9368; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077c3fe09 7 bytes {MOV EDX, 0xdc9068; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70d3000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70d3000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077c3ff01 7 bytes {MOV EDX, 0xdc90a8; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70c8000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70c8000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70fa000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70fa000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70d6000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70d6000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70ee000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70ee000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70eb000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70eb000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077c40159 7 bytes {MOV EDX, 0xdc9028; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70b9000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70b9000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 7100000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 7100000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 7103000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 7103000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70df000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70df000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70f7000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70f7000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70fd000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70fd000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70f1000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70f1000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70f4000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70f4000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70c5000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70c5000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70bc000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70bc000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70dc000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70dc000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70c2000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70c2000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000077c410bd 7 bytes {MOV EDX, 0xdc91e8; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077c41165 7 bytes {MOV EDX, 0xdc92a8; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077c411dd 7 bytes {MOV EDX, 0xdc9228; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077c413e1 7 bytes {MOV EDX, 0xdc90e8; JMP RDX} .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70d9000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70d9000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70e8000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70e8000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70e5000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70e5000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7187000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 717e000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 718a000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 7184000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 7181000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 715d000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 7151000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 710c000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 714b000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 7145000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 7163000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 7112000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 7112000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 7157000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 712a000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 7121000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 7121000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 7109000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 711e000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 711e000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 715a000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 7154000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 7160000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 714e000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 710f000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 7166000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 7139000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 713f000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 7148000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 7169000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 711b000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 711b000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 7136000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 7133000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 7127000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 712d000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 712d000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 7130000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 7130000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 7115000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 7106000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 716c000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 716f000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 7142000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 713c000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 7118000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 7118000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 7124000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 7124000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 718d000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 717b000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 7172000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 7178000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 7175000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\kernel32.dll .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c496c0 6 bytes JMP 70b3000a .text D:\Games\Steam\bin\steamwebhelper.exe[4088] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e4c431 6 bytes JMP 70b6000a .text C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077a8d530 8 bytes JMP 000000016fff0148 .text C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 8 bytes JMP 000000016fff0110 .text C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe[5400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x89bd270]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtReplyPort 0000000077a8d470 6 bytes {JMP QWORD [RIP+0x8692bc0]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8972b90]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x9592ac0]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort 0000000077a8d5d0 6 bytes {JMP QWORD [RIP+0x8672a60]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVirtualMemory 0000000077a8d5e0 6 bytes {JMP QWORD [RIP+0x88d2a50]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x94829c0]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x88b2950]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8852910]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile 0000000077a8d740 6 bytes {JMP QWORD [RIP+0x88f28f0]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a8d7b0 6 bytes {JMP QWORD [RIP+0x8712880]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x9532870]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x86f2800]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x88327e0]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x94027a0]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x9422750]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8892730]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8632540]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8612530]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8652430]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x87f2360]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8732320]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x86b22b0]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile 0000000077a8dd90 6 bytes {JMP QWORD [RIP+0x88722a0]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x87b2280]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8772220]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x9552210]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x95b2200]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateWaitablePort 0000000077a8de90 6 bytes {JMP QWORD [RIP+0x88121a0]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x94b1e90]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x9571e00]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a8e290 6 bytes {JMP QWORD [RIP+0x8931da0]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a8e2a0 6 bytes {JMP QWORD [RIP+0x8911d90]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a8e2d0 6 bytes {JMP QWORD [RIP+0x8751d60]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a8e340 6 bytes {JMP QWORD [RIP+0x86d1cf0]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a8e390 6 bytes {JMP QWORD [RIP+0x8791ca0]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 0000000077a8e8a0 6 bytes {JMP QWORD [RIP+0x87d1790]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x94d1590]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemTime 0000000077a8eac0 6 bytes {JMP QWORD [RIP+0x8951570]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x9441510]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x9461490]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\system32\kernel32.dll!GetPrivateProfileStringW 00000000778262e0 6 bytes {JMP QWORD [RIP+0x87f9d50]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x904e7a0]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\system32\kernel32.dll!RegOpenKeyExW 0000000077833a20 6 bytes {JMP QWORD [RIP+0x884c610]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x8fa24b0]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\system32\kernel32.dll!GetPrivateProfileStringA 00000000778a1790 6 bytes {JMP QWORD [RIP+0x879e8a0]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x8f70af0]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8fb0ac0]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x8f508f0]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x8f8ab20]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 000007fefda29141 5 bytes {JMP QWORD [RIP+0xb6ef0]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Windows\system32\svchost.exe[8252] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0C] .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\sechost.dll!SetServiceStatus 000007feff17687c 6 bytes {JMP QWORD [RIP+0x2697b4]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\sechost.dll!I_ScValidatePnPService 000007feff178e30 6 bytes {JMP QWORD [RIP+0x417200]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\sechost.dll!I_ScPnPGetServiceName 000007feff17995c 6 bytes {JMP QWORD [RIP+0x3f66d4]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherA 000007feff1799e4 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherW 000007feff179ac8 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerW 000007feff17a51c 6 bytes JMP 650069 .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerA 000007feff17a530 6 bytes JMP 93d .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExW 000007feff17a5b0 5 bytes [FF, 25, 80, 5A, 1E] .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExA 000007feff17a5c4 6 bytes {JMP QWORD [RIP+0x205a6c]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChange 000007feff17bb28 6 bytes {JMP QWORD [RIP+0x284508]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChangeA 000007feff17bb3c 3 bytes JMP 0 .text C:\Windows\system32\svchost.exe[8252] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChangeA + 4 000007feff17bb40 2 bytes JMP 0 .text C:\Windows\system32\svchost.exe[8252] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007feff483d60 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[8252] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[8252] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[8252] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[8252] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Windows\system32\svchost.exe[8252] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[8252] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes JMP 7250202c .text C:\Windows\system32\svchost.exe[8252] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x89bd270]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtReplyPort 0000000077a8d470 6 bytes {JMP QWORD [RIP+0x8692bc0]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8972b90]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x9592ac0]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort 0000000077a8d5d0 6 bytes {JMP QWORD [RIP+0x8672a60]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVirtualMemory 0000000077a8d5e0 6 bytes {JMP QWORD [RIP+0x88d2a50]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x94829c0]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x88b2950]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8852910]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile 0000000077a8d740 6 bytes {JMP QWORD [RIP+0x88f28f0]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a8d7b0 6 bytes {JMP QWORD [RIP+0x8712880]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x9532870]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x86f2800]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x88327e0]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x94027a0]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x9422750]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8892730]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8632540]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8612530]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8652430]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x87f2360]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8732320]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x86b22b0]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile 0000000077a8dd90 6 bytes {JMP QWORD [RIP+0x88722a0]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x87b2280]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8772220]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x9552210]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x95b2200]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateWaitablePort 0000000077a8de90 6 bytes {JMP QWORD [RIP+0x88121a0]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x94b1e90]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x9571e00]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a8e290 6 bytes {JMP QWORD [RIP+0x8931da0]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a8e2a0 6 bytes {JMP QWORD [RIP+0x8911d90]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a8e2d0 6 bytes {JMP QWORD [RIP+0x8751d60]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a8e340 6 bytes {JMP QWORD [RIP+0x86d1cf0]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a8e390 6 bytes {JMP QWORD [RIP+0x8791ca0]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 0000000077a8e8a0 6 bytes {JMP QWORD [RIP+0x87d1790]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x94d1590]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemTime 0000000077a8eac0 6 bytes {JMP QWORD [RIP+0x8951570]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x9441510]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x9461490]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\system32\kernel32.dll!GetPrivateProfileStringW 00000000778262e0 6 bytes {JMP QWORD [RIP+0x87f9d50]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x904e7a0]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\system32\kernel32.dll!RegOpenKeyExW 0000000077833a20 6 bytes {JMP QWORD [RIP+0x884c610]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x8fa24b0]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\system32\kernel32.dll!GetPrivateProfileStringA 00000000778a1790 6 bytes {JMP QWORD [RIP+0x879e8a0]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x8f70af0]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8fb0ac0]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x8f508f0]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x8f8ab20]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 000007fefda29141 5 bytes {JMP QWORD [RIP+0xb6ef0]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL 211b00 .text C:\Windows\system32\svchost.exe[8276] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0C] .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\sechost.dll!SetServiceStatus 000007feff17687c 6 bytes {JMP QWORD [RIP+0x2697b4]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\sechost.dll!I_ScValidatePnPService 000007feff178e30 6 bytes {JMP QWORD [RIP+0x417200]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\sechost.dll!I_ScPnPGetServiceName 000007feff17995c 6 bytes {JMP QWORD [RIP+0x3f66d4]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherA 000007feff1799e4 6 bytes {JMP QWORD [RIP+0x1c664c]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherW 000007feff179ac8 6 bytes {JMP QWORD [RIP+0x1a6568]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerW 000007feff17a51c 6 bytes {JMP QWORD [RIP+0x245b14]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerA 000007feff17a530 6 bytes {JMP QWORD [RIP+0x225b00]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExW 000007feff17a5b0 5 bytes [FF, 25, 80, 5A, 1E] .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExA 000007feff17a5c4 6 bytes {JMP QWORD [RIP+0x205a6c]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChange 000007feff17bb28 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChangeA 000007feff17bb3c 3 bytes JMP 0 .text C:\Windows\system32\svchost.exe[8276] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChangeA + 4 000007feff17bb40 2 bytes JMP 0 .text C:\Windows\system32\svchost.exe[8276] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x12db70]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x163740]} .text C:\Windows\system32\svchost.exe[8276] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes JMP 0 .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes JMP 57005c .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes JMP ffffffff .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes JMP 30 .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes JMP 0 .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes JMP 4 .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes JMP 700070 .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes JMP 0 .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes JMP 0 .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes JMP 0 .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL 211b00 .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 30000 .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefde045c1 5 bytes {JMP QWORD [RIP-0x7fef458e]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\system32\WS2_32.dll!getsockname 000007fefde09480 6 bytes {JMP QWORD [RIP-0x7fed9416]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefde2e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\system32\WS2_32.dll!getpeername 000007fefde2e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0xf6dd64]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0xfcdb70]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0xfea440]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xf27c98]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xf07674]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xf46d10]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x1024648]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x1003740]} .text C:\Users\patryk\Downloads\FRST64.exe[8536] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x10d8bc0]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL 211b00 .text C:\Windows\Explorer.EXE[6672] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 30000 .text C:\Windows\Explorer.EXE[6672] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0xf1dd64]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0xf7db70]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0xf9a440]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xed7c98]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xef6d10]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0xfd4648]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0xfb3740]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\system32\SHELL32.dll!SHFileOperationW 000007fefdea9050 5 bytes [FF, 25, E0, 6F, E5] .text C:\Windows\Explorer.EXE[6672] C:\Windows\system32\SHELL32.dll!SHFileOperation 000007fefe0c2fc0 6 bytes {JMP QWORD [RIP+0xc1d070]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes JMP 0 .text C:\Windows\Explorer.EXE[6672] C:\Windows\system32\ws2_32.dll!connect + 1 00000000023345c1 5 bytes {JMP QWORD [RIP+0x61ba72]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\system32\ws2_32.dll!getsockname 0000000002339480 6 bytes {JMP QWORD [RIP+0x616c22]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\system32\ws2_32.dll!WSAConnect 000000000235e0f0 6 bytes {JMP QWORD [RIP+0x5f1f7a]} .text C:\Windows\Explorer.EXE[6672] C:\Windows\system32\ws2_32.dll!getpeername 000000000235e450 6 bytes {JMP QWORD [RIP+0x5f1c8a]} .text C:\Windows\servicing\TrustedInstaller.exe[2684] C:\Windows\system32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\servicing\TrustedInstaller.exe[2684] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\servicing\TrustedInstaller.exe[2684] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\servicing\TrustedInstaller.exe[2684] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\servicing\TrustedInstaller.exe[2684] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\servicing\TrustedInstaller.exe[2684] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\servicing\TrustedInstaller.exe[2684] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes CALL d8c00 .text C:\Windows\servicing\TrustedInstaller.exe[2684] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes JMP 1000100 .text C:\Windows\servicing\TrustedInstaller.exe[2684] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Windows\servicing\TrustedInstaller.exe[2684] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Windows\servicing\TrustedInstaller.exe[2684] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x12db70]} .text C:\Windows\servicing\TrustedInstaller.exe[2684] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\servicing\TrustedInstaller.exe[2684] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\servicing\TrustedInstaller.exe[2684] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\servicing\TrustedInstaller.exe[2684] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Windows\servicing\TrustedInstaller.exe[2684] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\servicing\TrustedInstaller.exe[2684] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x163740]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a62dc0 6 bytes {JMP QWORD [RIP+0x85dd270]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077a8d4a0 6 bytes {JMP QWORD [RIP+0x8592b90]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077a8d570 6 bytes {JMP QWORD [RIP+0x8dd2ac0]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a8d670 6 bytes {JMP QWORD [RIP+0x8c729c0]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a8d6e0 6 bytes {JMP QWORD [RIP+0x8d52950]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a8d720 6 bytes {JMP QWORD [RIP+0x8d12910]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077a8d7c0 6 bytes {JMP QWORD [RIP+0x8d72870]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a8d830 6 bytes {JMP QWORD [RIP+0x8b72800]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a8d850 6 bytes {JMP QWORD [RIP+0x8cf27e0]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a8d890 6 bytes {JMP QWORD [RIP+0x8bf27a0]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a8d8e0 6 bytes {JMP QWORD [RIP+0x8c12750]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a8d900 6 bytes {JMP QWORD [RIP+0x8d32730]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000077a8daf0 6 bytes {JMP QWORD [RIP+0x8e12540]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000077a8db00 6 bytes {JMP QWORD [RIP+0x8b32530]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a8dc00 6 bytes {JMP QWORD [RIP+0x8b12430]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077a8dcd0 6 bytes {JMP QWORD [RIP+0x8c92360]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a8dd10 6 bytes {JMP QWORD [RIP+0x8b92320]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a8dd80 6 bytes {JMP QWORD [RIP+0x8b522b0]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000077a8ddb0 6 bytes {JMP QWORD [RIP+0x8bd2280]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a8de10 6 bytes {JMP QWORD [RIP+0x8bb2220]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077a8de20 6 bytes {JMP QWORD [RIP+0x8d92210]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a8de30 6 bytes {JMP QWORD [RIP+0x8df2200]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a8e1a0 6 bytes {JMP QWORD [RIP+0x8cb1e90]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077a8e230 6 bytes {JMP QWORD [RIP+0x8db1e00]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a8eaa0 6 bytes {JMP QWORD [RIP+0x8cd1590]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a8eb20 6 bytes {JMP QWORD [RIP+0x8c31510]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a8eba0 6 bytes {JMP QWORD [RIP+0x8c51490]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\System32\kernel32.dll!CopyFileExW 0000000077831890 6 bytes {JMP QWORD [RIP+0x88ce7a0]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\System32\kernel32.dll!CreateProcessInternalW 000000007783db80 6 bytes {JMP QWORD [RIP+0x88224b0]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\System32\kernel32.dll!MoveFileWithProgressW 00000000778af540 6 bytes {JMP QWORD [RIP+0x87f0af0]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\System32\kernel32.dll!MoveFileTransactedW 00000000778af570 6 bytes {JMP QWORD [RIP+0x8830ac0]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\System32\kernel32.dll!MoveFileWithProgressA 00000000778af740 6 bytes {JMP QWORD [RIP+0x87d08f0]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\System32\kernel32.dll!MoveFileTransactedA 00000000778b5510 6 bytes {JMP QWORD [RIP+0x880ab20]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\System32\KERNELBASE.dll!LoadLibraryExW + 355 000007fefda292a3 3 bytes [67, 6D, 06] .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\System32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefda336f0 5 bytes [FF, 25, 40, C9, 0A] .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\System32\GDI32.dll!DeleteDC 000007fefdd922cc 6 bytes {JMP QWORD [RIP+0x10dd64]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\System32\GDI32.dll!BitBlt 000007fefdd924c0 6 bytes {JMP QWORD [RIP+0x12db70]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\System32\GDI32.dll!MaskBlt 000007fefdd95bf0 6 bytes {JMP QWORD [RIP+0x14a440]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\System32\GDI32.dll!CreateDCW 000007fefdd98398 6 bytes {JMP QWORD [RIP+0xc7c98]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\System32\GDI32.dll!CreateDCA 000007fefdd989bc 6 bytes {JMP QWORD [RIP+0xa7674]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\System32\GDI32.dll!GetPixel 000007fefdd99320 6 bytes {JMP QWORD [RIP+0xe6d10]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\System32\GDI32.dll!StretchBlt 000007fefdd9b9e8 6 bytes {JMP QWORD [RIP+0x184648]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\System32\GDI32.dll!PlgBlt 000007fefdd9c8f0 6 bytes {JMP QWORD [RIP+0x163740]} .text C:\Windows\system32\AUDIODG.EXE[3760] C:\Windows\System32\ole32.dll!CoCreateInstance 000007fefdba7470 6 bytes {JMP QWORD [RIP+0x278bc0]} .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077c3fa80 3 bytes JMP 71af000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000077c3fa84 2 bytes JMP 71af000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077c3fbc8 3 bytes JMP 70c1000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000077c3fbcc 2 bytes JMP 70c1000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077c3fd50 3 bytes JMP 70e2000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000077c3fd54 2 bytes JMP 70e2000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077c3fe04 3 bytes JMP 70cd000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000077c3fe08 2 bytes JMP 70cd000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077c3fe68 3 bytes JMP 70d3000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000077c3fe6c 2 bytes JMP 70d3000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000077c3ff60 3 bytes JMP 70ca000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000077c3ff64 2 bytes JMP 70ca000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000077c40014 3 bytes JMP 70fa000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000077c40018 2 bytes JMP 70fa000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077c40044 3 bytes JMP 70d6000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000077c40048 2 bytes JMP 70d6000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077c400a4 3 bytes JMP 70ee000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000077c400a8 2 bytes JMP 70ee000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077c40124 3 bytes JMP 70eb000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000077c40128 2 bytes JMP 70eb000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077c40154 3 bytes JMP 70d0000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000077c40158 2 bytes JMP 70d0000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000077c40458 3 bytes JMP 70bb000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000077c4045c 2 bytes JMP 70bb000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000077c40470 3 bytes JMP 7100000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000077c40474 2 bytes JMP 7100000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c405f0 3 bytes JMP 7103000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000077c405f4 2 bytes JMP 7103000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077c40734 3 bytes JMP 70df000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000077c40738 2 bytes JMP 70df000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000077c40794 3 bytes JMP 70f7000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000077c40798 2 bytes JMP 70f7000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077c4083c 3 bytes JMP 70fd000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000077c40840 2 bytes JMP 70fd000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000077c40884 3 bytes JMP 70f1000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000077c40888 2 bytes JMP 70f1000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000077c40914 3 bytes JMP 70f4000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000077c40918 2 bytes JMP 70f4000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077c4092c 3 bytes JMP 70c7000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000077c40930 2 bytes JMP 70c7000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077c40944 3 bytes JMP 70be000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000077c40948 2 bytes JMP 70be000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077c40e94 3 bytes JMP 70dc000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000077c40e98 2 bytes JMP 70dc000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077c40f78 3 bytes JMP 70c4000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000077c40f7c 2 bytes JMP 70c4000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077c41c84 3 bytes JMP 70d9000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000077c41c88 2 bytes JMP 70d9000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077c41d54 3 bytes JMP 70e8000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000077c41d58 2 bytes JMP 70e8000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077c41e2c 3 bytes JMP 70e5000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000077c41e30 2 bytes JMP 70e5000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c63d8c 6 bytes JMP 71a8000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077253bbb 3 bytes JMP 719c000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 0000000077253bbf 2 bytes JMP 719c000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000077259abc 6 bytes JMP 7187000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000077263b7a 6 bytes JMP 717e000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007726cce1 6 bytes JMP 718a000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 00000000772bdcbe 6 bytes JMP 7184000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 00000000772bdd61 6 bytes JMP 7181000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000076c8f897 6 bytes JMP 719f000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 575 0000000076c92e0c 4 bytes CALL 71ac0000 .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!SetWindowLongW 00000000776f8332 6 bytes JMP 715d000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 00000000776f8bff 6 bytes JMP 7151000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000776f90d3 6 bytes JMP 710c000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000776f9679 6 bytes JMP 714b000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000776f97d2 6 bytes JMP 7145000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000776fee09 6 bytes JMP 7163000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!RegisterHotKey 00000000776fefc9 3 bytes JMP 7112000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 00000000776fefcd 2 bytes JMP 7112000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000777012a5 6 bytes JMP 7157000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007770291f 6 bytes JMP 712a000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!SetParent 0000000077702d64 3 bytes JMP 7121000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000077702d68 2 bytes JMP 7121000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000077702da4 6 bytes JMP 7109000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000077703698 3 bytes JMP 711e000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007770369c 2 bytes JMP 711e000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077703baa 6 bytes JMP 715a000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000077703c61 6 bytes JMP 7154000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000077706110 6 bytes JMP 7160000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007770612e 6 bytes JMP 714e000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000077706c30 6 bytes JMP 710f000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077707603 6 bytes JMP 7166000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000077707668 6 bytes JMP 7139000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000777076e0 6 bytes JMP 713f000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007770781f 6 bytes JMP 7148000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007770835c 6 bytes JMP 7169000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007770c4b6 3 bytes JMP 711b000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007770c4ba 2 bytes JMP 711b000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007771c112 6 bytes JMP 7136000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007771d0f5 6 bytes JMP 7133000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007771eb96 6 bytes JMP 7127000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007771ec68 3 bytes JMP 712d000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007771ec6c 2 bytes JMP 712d000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!SendInput 000000007771ff4a 3 bytes JMP 7130000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007771ff4e 2 bytes JMP 7130000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000077739f1d 6 bytes JMP 7115000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000077741497 6 bytes JMP 7106000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!mouse_event 000000007775027b 6 bytes JMP 716c000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!keybd_event 00000000777502bf 6 bytes JMP 716f000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000077756cfc 6 bytes JMP 7142000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000077756d5d 6 bytes JMP 713c000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!BlockInput 0000000077757dd7 3 bytes JMP 7118000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!BlockInput + 4 0000000077757ddb 2 bytes JMP 7118000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000777588eb 3 bytes JMP 7124000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000777588ef 2 bytes JMP 7124000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000773558b3 6 bytes JMP 718d000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077355ea5 6 bytes JMP 717b000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000077357ba4 6 bytes JMP 7196000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007735b986 6 bytes JMP 7190000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007735ba5f 6 bytes JMP 7172000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007735cc01 6 bytes JMP 7178000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007735ea03 6 bytes JMP 7193000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000077384960 6 bytes JMP 7175000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076fb9ccb 6 bytes JMP 7199000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077bf1401 2 bytes JMP 7726b233 C:\Windows\syswow64\kernel32.dll .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077bf1419 2 bytes JMP 7726b35e C:\Windows\syswow64\kernel32.dll .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077bf1431 2 bytes JMP 772e9011 C:\Windows\syswow64\kernel32.dll .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077bf144a 2 bytes CALL 772448ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077bf14dd 2 bytes JMP 772e890a C:\Windows\syswow64\kernel32.dll .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077bf14f5 2 bytes JMP 772e8ae0 C:\Windows\syswow64\kernel32.dll .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077bf150d 2 bytes JMP 772e8800 C:\Windows\syswow64\kernel32.dll .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077bf1525 2 bytes JMP 772e8bca C:\Windows\syswow64\kernel32.dll .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077bf153d 2 bytes JMP 7725fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077bf1555 2 bytes JMP 77266907 C:\Windows\syswow64\kernel32.dll .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077bf156d 2 bytes JMP 772e90c9 C:\Windows\syswow64\kernel32.dll .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077bf1585 2 bytes JMP 772e8c2a C:\Windows\syswow64\kernel32.dll .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077bf159d 2 bytes JMP 772e87c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077bf15b5 2 bytes JMP 7725fd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077bf15cd 2 bytes JMP 7726b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077bf16b2 2 bytes JMP 772e8f8c C:\Windows\syswow64\kernel32.dll .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077bf16bd 2 bytes JMP 772e8759 C:\Windows\syswow64\kernel32.dll .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 0000000075c496c0 6 bytes JMP 70b5000a .text C:\Users\patryk\Downloads\vyuxgmic.exe[3152] C:\Windows\syswow64\SHELL32.dll!SHFileOperation 0000000075e4c431 6 bytes JMP 70b8000a ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0007617bb1e7 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0007617bb1e7@0007613aa507 0xFE 0xE9 0x66 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000761919777 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000761919777@0007613aa507 0x37 0x6D 0x1E 0x4E ... Reg HKLM\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\cmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCC 0x28 0x71 0xD1 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD7 0x35 0x58 0x18 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0x5B 0x22 0xC7 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0007617bb1e7 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0007617bb1e7@0007613aa507 0xFE 0xE9 0x66 0x02 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000761919777 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000761919777@0007613aa507 0x37 0x6D 0x1E 0x4E ... Reg HKLM\SYSTEM\ControlSet002\services\cmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\cmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\cmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCC 0x28 0x71 0xD1 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD7 0x35 0x58 0x18 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0x5B 0x22 0xC7 ... Reg HKLM\SYSTEM\Software\COMODO\Cam@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... ---- EOF - GMER 2.1 ----