GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-02-17 11:24:25 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000069 KINGSTON rev.507K 111,79GB Running: s7xfqet0.exe; Driver: C:\Users\admin\AppData\Local\Temp\uwddakob.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777fbde0 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777fbfe0 8 bytes JMP 000000006fff0110 .text C:\Windows\system32\csrss.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0148 .text C:\Windows\system32\wininit.exe[664] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000776add20 5 bytes JMP 000000006fff0228 .text C:\Windows\system32\wininit.exe[664] C:\Windows\system32\USER32.dll!SetThreadDesktop 000000007759d660 8 bytes JMP 000000006fff0148 .text C:\Windows\system32\wininit.exe[664] C:\Windows\system32\USER32.dll!SetClipboardData 00000000775ae43c 5 bytes JMP 000000006fff00d8 .text C:\Windows\system32\wininit.exe[664] C:\Windows\system32\USER32.dll!GetClipboardData 00000000775ae854 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\wininit.exe[664] C:\Windows\system32\USER32.dll!mouse_event 00000000775b3874 7 bytes JMP 000000006fff01f0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\system32\USER32.dll!SendInput 00000000775b8c90 8 bytes JMP 000000006fff0180 .text C:\Windows\system32\wininit.exe[664] C:\Windows\system32\USER32.dll!PrintWindow 00000000775bb130 8 bytes JMP 000000006fff0260 .text C:\Windows\system32\wininit.exe[664] C:\Windows\system32\USER32.dll!keybd_event 0000000077604610 7 bytes JMP 000000006fff01b8 .text C:\Windows\system32\wininit.exe[664] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Windows\system32\wininit.exe[664] 
C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Windows\system32\wininit.exe[664] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Windows\system32\wininit.exe[664] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Windows\system32\wininit.exe[664] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Windows\system32\wininit.exe[664] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Windows\system32\wininit.exe[664] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Windows\system32\wininit.exe[664] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Windows\system32\wininit.exe[664] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Windows\system32\wininit.exe[664] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000777fbde0 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000777fbfe0 8 bytes JMP 000000006fff0110 .text C:\Windows\system32\csrss.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0148 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\services.exe[724] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 
000000006fff0ce0 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\services.exe[724] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000077692b60 13 bytes JMP 000000006fff0260 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000776a1870 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000776add20 5 bytes JMP 000000006ffe0228 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007771f6e0 8 bytes JMP 000000006fff0340 .text 
C:\Windows\system32\services.exe[724] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007771f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\kernel32.dll!MoveFileW 000000007771f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007771f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007771f910 10 bytes JMP 000000006fff0228 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\kernel32.dll!MoveFileA 000000007771f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077725730 5 bytes JMP 000000006fff0298 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefde42930 5 bytes JMP 000007fefd0c01b8 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!SwitchDesktop 0000000077595330 7 bytes JMP 000000006fff0c00 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000077596ea0 8 bytes JMP 000000006fff0960 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!SystemParametersInfoA 00000000775980e4 7 bytes JMP 000000006fff0ae8 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!SetParent 0000000077598480 8 bytes JMP 000000006fff0998 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000077599b10 6 bytes JMP 000000006fff0490 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!PostMessageA 000000007759a354 5 bytes JMP 000000006fff0570 .text C:\Windows\system32\services.exe[724] 
C:\Windows\system32\USER32.dll!EnableWindow 000000007759aa00 9 bytes JMP 000000006fff0b58 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!MoveWindow 000000007759aa30 8 bytes JMP 000000006fff09d0 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!SetWindowLongPtrA 000000007759b474 6 bytes JMP 000000006fff0500 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!GetAsyncKeyState 000000007759c63c 5 bytes JMP 000000006fff0928 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!RegisterHotKey 000000007759cc90 8 bytes JMP 000000006fff0ab0 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!PostThreadMessageA 000000007759d204 5 bytes JMP 000000006fff05e0 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!SendMessageA 000000007759d290 5 bytes JMP 000000006fff0650 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!SetThreadDesktop 000000007759d660 8 bytes JMP 000000006ffe0148 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!SendNotifyMessageW 000000007759dbc0 9 bytes JMP 000000006fff07d8 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!SystemParametersInfoW 000000007759f490 1 byte JMP 000000006fff0b20 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!SystemParametersInfoW + 2 000000007759f492 5 bytes {JMP 0xfffffffff8a51690} .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007759f804 9 bytes JMP 000000006fff0420 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 000000007759fa50 9 bytes JMP 000000006fff06f8 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!PostThreadMessageW 00000000775a0b14 10 bytes JMP 000000006fff0618 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!SetWindowLongW 
00000000775a3340 8 bytes JMP 000000006fff04c8 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!SetWinEventHook 00000000775a4ccc 5 bytes JMP 000000006fff0458 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!GetKeyState 00000000775a4f80 5 bytes JMP 000000006fff08f0 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!SendMessageCallbackW 00000000775a53d0 7 bytes JMP 000000006fff0768 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!SendMessageW 00000000775a6b04 5 bytes JMP 000000006fff0688 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!SetWindowLongPtrW 00000000775a76ac 8 bytes JMP 000000006fff0538 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!PostMessageW 00000000775a76d4 7 bytes JMP 000000006fff05a8 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 00000000775add9c 5 bytes JMP 000000006fff0848 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!SetClipboardData 00000000775ae43c 5 bytes JMP 000000006ffe00d8 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!GetClipboardData 00000000775ae854 5 bytes JMP 000000006ffe0110 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!SetClipboardViewer 00000000775af780 8 bytes JMP 000000006fff0a08 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000775b28d4 12 bytes JMP 000000006fff07a0 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!mouse_event 00000000775b3874 7 bytes JMP 000000006ffe01f0 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!GetKeyboardState 00000000775b89c0 8 bytes JMP 000000006fff08b8 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 00000000775b8b88 12 bytes JMP 000000006fff06c0 .text 
C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!SetWindowsHookExA 00000000775b8bd0 12 bytes JMP 000000006fff03e8 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!SendInput 00000000775b8c90 8 bytes JMP 000000006ffe0180 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!BlockInput 00000000775bad10 8 bytes JMP 000000006fff0a40 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!ClipCursor 00000000775bad60 8 bytes JMP 000000006fff0bc8 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!PrintWindow 00000000775bb130 8 bytes JMP 000000006ffe0260 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!ExitWindowsEx 00000000775e1534 5 bytes JMP 000000006fff0b90 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!SetSystemCursor 00000000776045b0 5 bytes JMP 000000006fff0c38 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!keybd_event 0000000077604610 7 bytes JMP 000000006ffe01b8 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 000000007760cc7c 5 bytes JMP 000000006fff0810 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\USER32.dll!SendMessageCallbackA 000000007760df8c 7 bytes JMP 000000006fff0730 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 
.text C:\Windows\system32\services.exe[724] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Windows\system32\services.exe[724] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text 
C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes 
JMP 000000006fff1108 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\lsass.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\lsass.exe[740] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Windows\system32\lsass.exe[740] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Windows\system32\lsass.exe[740] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Windows\system32\lsass.exe[740] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Windows\system32\lsass.exe[740] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Windows\system32\lsass.exe[740] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Windows\system32\lsass.exe[740] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Windows\system32\lsass.exe[740] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Windows\system32\lsass.exe[740] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Windows\system32\lsass.exe[740] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Windows\system32\lsass.exe[740] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text 
C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text 
C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\lsm.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Windows\system32\lsm.exe[748] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text 
C:\Windows\system32\lsm.exe[748] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Windows\system32\lsm.exe[748] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Windows\system32\lsm.exe[748] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Windows\system32\lsm.exe[748] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Windows\system32\lsm.exe[748] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Windows\system32\lsm.exe[748] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Windows\system32\lsm.exe[748] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Windows\system32\lsm.exe[748] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Windows\system32\winlogon.exe[836] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000776add20 5 bytes JMP 000000006fff0228 .text C:\Windows\system32\winlogon.exe[836] C:\Windows\system32\USER32.dll!SetThreadDesktop 000000007759d660 8 bytes JMP 000000006fff0148 .text C:\Windows\system32\winlogon.exe[836] C:\Windows\system32\USER32.dll!SetClipboardData 00000000775ae43c 5 bytes JMP 000000006fff00d8 .text C:\Windows\system32\winlogon.exe[836] C:\Windows\system32\USER32.dll!GetClipboardData 00000000775ae854 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\winlogon.exe[836] C:\Windows\system32\USER32.dll!mouse_event 00000000775b3874 7 bytes JMP 000000006fff01f0 .text C:\Windows\system32\winlogon.exe[836] C:\Windows\system32\USER32.dll!SendInput 00000000775b8c90 8 bytes JMP 000000006fff0180 .text C:\Windows\system32\winlogon.exe[836] C:\Windows\system32\USER32.dll!PrintWindow 00000000775bb130 8 bytes JMP 000000006fff0260 .text 
C:\Windows\system32\winlogon.exe[836] C:\Windows\system32\USER32.dll!keybd_event 0000000077604610 7 bytes JMP 000000006fff01b8 .text C:\Windows\system32\winlogon.exe[836] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Windows\system32\winlogon.exe[836] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Windows\system32\winlogon.exe[836] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Windows\system32\winlogon.exe[836] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Windows\system32\winlogon.exe[836] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Windows\system32\winlogon.exe[836] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Windows\system32\winlogon.exe[836] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Windows\system32\winlogon.exe[836] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Windows\system32\winlogon.exe[836] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Windows\system32\winlogon.exe[836] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text 
C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 
byte JMP 000000006fff0dc0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefde42930 5 bytes JMP 000007fefd0c01b8 .text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text 
C:\Windows\system32\svchost.exe[888] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefda26d10 11 bytes JMP 000007fefd0c0180 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Program Files\NVIDIA 
Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 
.text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes JMP 000000006fff0f80 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 
00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000077692b60 13 bytes JMP 000000006fff0260 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000776a1870 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000776add20 5 bytes JMP 000000006ffe0228 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007771f6e0 8 bytes JMP 000000006fff0340 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007771f710 5 bytes JMP 000000006fff02d0 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\system32\kernel32.dll!MoveFileW 000000007771f7e0 10 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007771f8e0 8 bytes JMP 000000006fff0308 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007771f910 10 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\system32\kernel32.dll!MoveFileA 000000007771f940 10 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA 
Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077725730 5 bytes JMP 000000006fff0298 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Program Files\NVIDIA 
Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe[980] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefda26d10 11 bytes JMP 000007fefd0c0180 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\svchost.exe[168] 
C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes 
JMP 000000006fff0e68 .text C:\Windows\system32\svchost.exe[168] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\svchost.exe[168] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Windows\system32\svchost.exe[168] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefde42930 5 bytes JMP 000007fefd0c01b8 .text C:\Windows\system32\svchost.exe[168] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Windows\system32\svchost.exe[168] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Windows\system32\svchost.exe[168] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Windows\system32\svchost.exe[168] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Windows\system32\svchost.exe[168] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Windows\system32\svchost.exe[168] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Windows\system32\svchost.exe[168] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Windows\system32\svchost.exe[168] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Windows\system32\svchost.exe[168] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Windows\system32\svchost.exe[168] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Windows\system32\svchost.exe[168] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefda26d10 11 bytes JMP 000007fefd0c0180 .text C:\Windows\system32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777fbeb0 
8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff0148 .text C:\Windows\system32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 1 byte JMP 000000006fff0110 .text C:\Windows\system32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 2 00000000777fc282 6 bytes {JMP 0xfffffffff87f3e90} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 
8 bytes JMP 000000006fff0df8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Program 
Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes JMP 000000006fff0f80 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000077692b60 13 bytes JMP 000000006fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000776a1870 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000776add20 5 bytes JMP 000000006ffe0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007771f6e0 8 bytes JMP 000000006fff0340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007771f710 5 bytes JMP 000000006fff02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\system32\kernel32.dll!MoveFileW 000000007771f7e0 10 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA 
Corporation\Display\nvxdsync.exe[808] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007771f8e0 8 bytes JMP 000000006fff0308 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007771f910 10 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\system32\kernel32.dll!MoveFileA 000000007771f940 10 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077725730 5 bytes JMP 000000006fff0298 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\system32\GDI32.dll!StretchBlt 
000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[808] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefda26d10 11 bytes JMP 000007fefd0c0180 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 
000000006fff0e30 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\svchost.exe[1108] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefda26d10 11 bytes JMP 000007fefd0c0180 .text 
C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 
00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes JMP 000000006fff0f80 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000077692b60 13 bytes JMP 000000006fff0260 .text 
C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000776a1870 5 bytes JMP 000000006fff0180 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000776add20 5 bytes JMP 000000006ffe0228 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007771f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007771f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\kernel32.dll!MoveFileW 000000007771f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007771f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007771f910 10 bytes JMP 000000006fff0228 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\kernel32.dll!MoveFileA 000000007771f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077725730 5 bytes JMP 000000006fff0298 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Windows\System32\svchost.exe[1156] 
C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Windows\System32\svchost.exe[1156] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefda26d10 11 bytes JMP 000007fefd0c0180 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text 
C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\System32\svchost.exe[1192] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes JMP 000000006fff0f80 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000077692b60 13 bytes JMP 000000006fff0260 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000776a1870 5 bytes JMP 000000006fff0180 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000776add20 5 bytes JMP 000000006ffe0228 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007771f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007771f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\kernel32.dll!MoveFileW 000000007771f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007771f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007771f910 10 bytes JMP 000000006fff0228 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\kernel32.dll!MoveFileA 
000000007771f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077725730 5 bytes JMP 000000006fff0298 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Windows\System32\svchost.exe[1192] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefda26d10 11 bytes JMP 000007fefd0c0180 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtClose 
00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text 
C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Windows\system32\svchost.exe[1228] 
C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Windows\system32\svchost.exe[1228] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefda26d10 11 bytes JMP 000007fefd0c0180 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\svchost.exe[1272] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 
0xfffffffff87f4690} .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000077692b60 13 bytes JMP 000000006fff0260 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000776a1870 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000776add20 5 bytes JMP 000000006ffe0228 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007771f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007771f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\system32\kernel32.dll!MoveFileW 000000007771f7e0 10 bytes JMP 000000006fff01f0 .text 
C:\Windows\system32\svchost.exe[1272] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007771f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007771f910 10 bytes JMP 000000006fff0228 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\system32\kernel32.dll!MoveFileA 000000007771f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077725730 5 bytes JMP 000000006fff0298 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefde42930 5 bytes JMP 000007fefd0c01b8 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 
000007fefe0b01f0 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Windows\system32\svchost.exe[1272] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefda26d10 11 bytes JMP 000007fefd0c0180 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\svchost.exe[1436] 
C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 
00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Windows\system32\svchost.exe[1436] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefda26d10 11 bytes JMP 000007fefd0c0180 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtClose 
00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text 
C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes JMP 000000006fff0f80 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Windows\System32\spoolsv.exe[1656] 
C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefda26d10 11 bytes JMP 000007fefd0c0180 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\svchost.exe[1700] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 
0xfffffffff87f4690} .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefde42930 5 bytes JMP 000007fefd0c01b8 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Windows\system32\svchost.exe[1700] 
C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefda26d10 11 bytes JMP 000007fefd0c0180 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text 
C:\Windows\system32\taskhost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\taskhost.exe[1800] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000077692b60 13 bytes JMP 000000006fff0260 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000776a1870 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000776add20 5 bytes JMP 000000006ffe0228 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007771f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007771f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\kernel32.dll!MoveFileW 000000007771f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007771f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007771f910 10 bytes JMP 000000006fff0228 .text C:\Windows\system32\taskhost.exe[1800] 
C:\Windows\system32\kernel32.dll!MoveFileA 000000007771f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077725730 5 bytes JMP 000000006fff0298 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefda26d10 11 bytes JMP 000007fefd0c0180 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Windows\system32\taskhost.exe[1800] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text 
C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text 
C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 
000007fefe0b0148 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Windows\system32\Dwm.exe[1912] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Windows\Explorer.EXE[2020] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text C:\Windows\Explorer.EXE[2020] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Windows\Explorer.EXE[2020] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Windows\Explorer.EXE[2020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\Explorer.EXE[2020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Windows\Explorer.EXE[2020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\Explorer.EXE[2020] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Windows\Explorer.EXE[2020] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\Explorer.EXE[2020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\Explorer.EXE[2020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text C:\Windows\Explorer.EXE[2020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Windows\Explorer.EXE[2020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Windows\Explorer.EXE[2020] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Windows\Explorer.EXE[2020] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\Explorer.EXE[2020] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Windows\Explorer.EXE[2020] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text C:\Windows\Explorer.EXE[2020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Windows\Explorer.EXE[2020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\Explorer.EXE[2020] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Windows\Explorer.EXE[2020] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Windows\Explorer.EXE[2020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Windows\Explorer.EXE[2020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\Explorer.EXE[2020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 
00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\Explorer.EXE[2020] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\Explorer.EXE[2020] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\Explorer.EXE[2020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes JMP 000000006fff0f80 .text C:\Windows\Explorer.EXE[2020] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\Explorer.EXE[2020] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\Explorer.EXE[2020] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000077692b60 13 bytes JMP 000000006fff0260 .text C:\Windows\Explorer.EXE[2020] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000776a1870 5 bytes JMP 000000006fff0180 .text C:\Windows\Explorer.EXE[2020] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000776add20 5 bytes JMP 000000006ffe0228 .text C:\Windows\Explorer.EXE[2020] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007771f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\Explorer.EXE[2020] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007771f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\Explorer.EXE[2020] C:\Windows\system32\kernel32.dll!MoveFileW 000000007771f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\Explorer.EXE[2020] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007771f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\Explorer.EXE[2020] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007771f910 10 bytes JMP 000000006fff0228 .text C:\Windows\Explorer.EXE[2020] C:\Windows\system32\kernel32.dll!MoveFileA 000000007771f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\Explorer.EXE[2020] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077725730 5 bytes 
JMP 000000006fff0298 .text C:\Windows\Explorer.EXE[2020] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Windows\Explorer.EXE[2020] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Windows\Explorer.EXE[2020] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Windows\Explorer.EXE[2020] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Windows\Explorer.EXE[2020] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Windows\Explorer.EXE[2020] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Windows\Explorer.EXE[2020] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Windows\Explorer.EXE[2020] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Windows\Explorer.EXE[2020] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Windows\Explorer.EXE[2020] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Windows\Explorer.EXE[2020] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Windows\Explorer.EXE[2020] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefda26d10 11 bytes JMP 000007fefd0c0180 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000779af9f0 5 bytes JMP 0000000074fb2c50 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000779afb38 5 bytes JMP 0000000074fa83c0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779afcc0 5 bytes 
JMP 0000000074fa7970 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779afd74 5 bytes JMP 0000000074fa9180 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779afdd8 5 bytes JMP 0000000074fa8760 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779afed0 5 bytes JMP 0000000074faac90 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000779aff84 5 bytes JMP 0000000074fa6be0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779affb4 5 bytes JMP 0000000074fa8970 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779b0014 5 bytes JMP 0000000074fa7530 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779b0094 5 bytes JMP 0000000074fa7780 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779b00c4 5 bytes JMP 0000000074fa8d20 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779b03c8 5 bytes JMP 0000000074faa180 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000779b03e0 5 bytes JMP 0000000074faba50 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779b0560 5 bytes JMP 0000000074fab770 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779b06a4 5 bytes JMP 
0000000074fa7b60 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000779b0704 5 bytes JMP 0000000074fabb60 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000779b07ac 5 bytes JMP 0000000074fa6ad0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000779b07f4 5 bytes JMP 0000000074fabc70 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000779b0884 5 bytes JMP 0000000074fa6cf0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779b089c 5 bytes JMP 0000000074faaf60 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779b08b4 5 bytes JMP 0000000074faa6b0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779b0e04 5 bytes JMP 0000000074fa7dd0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779b0ee8 5 bytes JMP 0000000074fa81d0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779b1bf4 5 bytes JMP 0000000074fa7fc0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779b1cc4 5 bytes JMP 0000000074faab40 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779b1d9c 5 bytes JMP 0000000074fa85b0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779cd2f6 7 
bytes JMP 0000000074fb2ad0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000755f3bbb 5 bytes JMP 0000000074ecedf0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000755f9abc 5 bytes JMP 0000000074f9f260 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075603b7a 7 bytes JMP 0000000074f9fe20 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007560cd11 5 bytes JMP 0000000074f9ef50 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007565ddde 7 bytes JMP 0000000074f9f490 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007565de81 7 bytes JMP 0000000074f9f7a0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075d7f8a7 5 bytes JMP 0000000074fb2ab0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075d82e0b 4 bytes CALL 6f3d0000 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075f18332 5 bytes JMP 0000000074fb3c20 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075f18bff 5 bytes JMP 0000000074fb4590 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000075f190d3 7 bytes JMP 0000000074fb3640 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] 
C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075f19679 5 bytes JMP 0000000074fb4a80 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000075f197d2 5 bytes JMP 0000000074fb4ff0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075f1ee21 5 bytes JMP 0000000074fb3810 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000075f1efe1 5 bytes JMP 0000000074fb7720 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!SetThreadDesktop 0000000075f202ae 5 bytes JMP 0000000074ed1480 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000075f212bd 5 bytes JMP 0000000074fb40a0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075f22797 5 bytes JMP 0000000074fb66b0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075f23ef0 5 bytes JMP 0000000074fb6d60 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!SetParent 0000000075f245cc 5 bytes JMP 0000000074fb6f80 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075f2460c 5 bytes JMP 0000000074fb7940 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075f24713 5 bytes JMP 0000000074fb6920 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000075f247e5 5 bytes JMP 0000000074fb6410 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] 
C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075f24bbc 5 bytes JMP 0000000074fb3e00 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075f24d1d 5 bytes JMP 0000000074fb4340 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000075f271e0 5 bytes JMP 0000000074fb3a40 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000075f271fe 5 bytes JMP 0000000074fb47e0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075f27d59 7 bytes JMP 0000000074fb3460 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075f281f5 5 bytes JMP 0000000074fb3140 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075f2825a 5 bytes JMP 0000000074fb5a80 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000075f282d2 5 bytes JMP 0000000074fb5550 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075f28411 5 bytes JMP 0000000074fb4d20 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075f28f4c 5 bytes JMP 0000000074fb2e80 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000075f2cc1e 5 bytes JMP 0000000074fb7170 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!ClipCursor 0000000075f2f2b3 5 bytes JMP 0000000074fb7d50 .text C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075f3a072 5 bytes JMP 0000000074fb5d10 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075f3dbf5 5 bytes JMP 0000000074fb5f60 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!SendInput 0000000075f3ff2a 5 bytes JMP 0000000074ed1810 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000075f58e6f 5 bytes JMP 0000000074ed1b80 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075f598b5 5 bytes JMP 0000000074fb7fb0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075f59fa4 5 bytes JMP 0000000074ed1c10 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075f61533 5 bytes JMP 0000000074fb7b70 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075f70299 5 bytes JMP 0000000074fb8150 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!mouse_event 0000000075f7030f 5 bytes JMP 0000000074ed1a80 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075f70353 5 bytes JMP 0000000074ed19a0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075f76d94 5 bytes JMP 0000000074fb52b0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075f76df5 5 bytes JMP 0000000074fb57f0 .text C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075f77e6f 5 bytes JMP 0000000074fb7340 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!PrintWindow 0000000075f788c3 5 bytes JMP 0000000074ecbcc0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075f78983 5 bytes JMP 0000000074fb6b80 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000755558b3 5 bytes JMP 0000000074ecbdc0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075555ea5 5 bytes JMP 0000000074eca4d0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075557bcc 5 bytes JMP 0000000074eca200 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 000000007555ae82 5 bytes JMP 0000000074ecb740 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007555b98a 5 bytes JMP 0000000074ecbaf0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007555bd7d 5 bytes JMP 0000000074eca870 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 000000007555c08c 1 byte JMP 0000000074ecb390 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt + 2 000000007555c08e 3 bytes {JMP 0xffffffffff96f304} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007555cf11 5 bytes JMP 0000000074ecac20 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] 
C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007555e935 5 bytes JMP 0000000074eca3b0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075584aa2 5 bytes JMP 0000000074ecafe0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1376] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077109cbb 5 bytes JMP 0000000074fac3f0 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 
00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes JMP 000000006fff0f80 .text 
C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000077692b60 13 bytes JMP 000000006fff0260 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000776a1870 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000776add20 5 bytes JMP 000000006ffe0228 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007771f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007771f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\system32\kernel32.dll!MoveFileW 000000007771f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007771f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007771f910 10 bytes JMP 000000006fff0228 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\system32\kernel32.dll!MoveFileA 000000007771f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077725730 5 bytes JMP 000000006fff0298 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Windows\system32\svchost.exe[2088] 
C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Windows\system32\svchost.exe[2088] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefda26d10 11 bytes JMP 000007fefd0c0180 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000779af9f0 5 bytes JMP 0000000074fb2c50 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000779afb38 5 bytes JMP 0000000074fa83c0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779afcc0 5 bytes JMP 0000000074fa7970 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779afd74 5 bytes JMP 0000000074fa9180 .text C:\Program Files 
(x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779afdd8 5 bytes JMP 0000000074fa8760 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779afed0 5 bytes JMP 0000000074faac90 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000779aff84 5 bytes JMP 0000000074fa6be0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779affb4 5 bytes JMP 0000000074fa8970 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779b0014 5 bytes JMP 0000000074fa7530 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779b0094 5 bytes JMP 0000000074fa7780 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779b00c4 5 bytes JMP 0000000074fa8d20 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779b03c8 5 bytes JMP 0000000074faa180 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000779b03e0 5 bytes JMP 0000000074faba50 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779b0560 5 bytes JMP 0000000074fab770 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779b06a4 5 bytes JMP 0000000074fa7b60 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er 
Kluczy\ComarchML.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000779b0704 5 bytes JMP 0000000074fabb60 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000779b07ac 5 bytes JMP 0000000074fa6ad0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000779b07f4 5 bytes JMP 0000000074fabc70 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000779b0884 5 bytes JMP 0000000074fa6cf0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779b089c 5 bytes JMP 0000000074faaf60 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779b08b4 5 bytes JMP 0000000074faa6b0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779b0e04 5 bytes JMP 0000000074fa7dd0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779b0ee8 5 bytes JMP 0000000074fa81d0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779b1bf4 5 bytes JMP 0000000074fa7fc0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779b1cc4 5 bytes JMP 0000000074faab40 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779b1d9c 5 bytes JMP 0000000074fa85b0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er 
Kluczy\ComarchML.exe[2160] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779cd2f6 7 bytes JMP 0000000074fb2ad0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000755f3bbb 5 bytes JMP 0000000074ecedf0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000755f9abc 5 bytes JMP 0000000074f9f260 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075603b7a 7 bytes JMP 0000000074f9fe20 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007560cd11 5 bytes JMP 0000000074f9ef50 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007565ddde 7 bytes JMP 0000000074f9f490 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007565de81 7 bytes JMP 0000000074f9f7a0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075d7f8a7 5 bytes JMP 0000000074fb2ab0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075d82e0b 4 bytes CALL 6f770000 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000755558b3 5 bytes JMP 0000000074ecbdc0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075555ea5 5 bytes JMP 0000000074eca4d0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er 
Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075557bcc 5 bytes JMP 0000000074eca200 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 000000007555ae82 5 bytes JMP 0000000074ecb740 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007555b98a 5 bytes JMP 0000000074ecbaf0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007555bd7d 5 bytes JMP 0000000074eca870 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 000000007555c08c 1 byte JMP 0000000074ecb390 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt + 2 000000007555c08e 3 bytes {JMP 0xffffffffff96f304} .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007555cf11 5 bytes JMP 0000000074ecac20 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007555e935 5 bytes JMP 0000000074eca3b0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075584aa2 5 bytes JMP 0000000074ecafe0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075f18332 5 bytes JMP 0000000074fb3c20 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075f18bff 5 bytes JMP 0000000074fb4590 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 
0000000075f190d3 7 bytes JMP 0000000074fb3640 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075f19679 5 bytes JMP 0000000074fb4a80 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000075f197d2 5 bytes JMP 0000000074fb4ff0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075f1ee21 5 bytes JMP 0000000074fb3810 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000075f1efe1 5 bytes JMP 0000000074fb7720 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!SetThreadDesktop 0000000075f202ae 5 bytes JMP 0000000074ed1480 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000075f212bd 5 bytes JMP 0000000074fb40a0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075f22797 5 bytes JMP 0000000074fb66b0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075f23ef0 5 bytes JMP 0000000074fb6d60 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!SetParent 0000000075f245cc 5 bytes JMP 0000000074fb6f80 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075f2460c 5 bytes JMP 0000000074fb7940 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075f24713 5 bytes JMP 0000000074fb6920 .text 
C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000075f247e5 5 bytes JMP 0000000074fb6410 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075f24bbc 5 bytes JMP 0000000074fb3e00 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075f24d1d 5 bytes JMP 0000000074fb4340 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000075f271e0 5 bytes JMP 0000000074fb3a40 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000075f271fe 5 bytes JMP 0000000074fb47e0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075f27d59 7 bytes JMP 0000000074fb3460 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075f281f5 5 bytes JMP 0000000074fb3140 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075f2825a 5 bytes JMP 0000000074fb5a80 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000075f282d2 5 bytes JMP 0000000074fb5550 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075f28411 5 bytes JMP 0000000074fb4d20 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075f28f4c 5 bytes JMP 0000000074fb2e80 .text C:\Program Files 
(x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000075f2cc1e 5 bytes JMP 0000000074fb7170 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!ClipCursor 0000000075f2f2b3 5 bytes JMP 0000000074fb7d50 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075f3a072 5 bytes JMP 0000000074fb5d10 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075f3dbf5 5 bytes JMP 0000000074fb5f60 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!SendInput 0000000075f3ff2a 5 bytes JMP 0000000074ed1810 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000075f58e6f 5 bytes JMP 0000000074ed1b80 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075f598b5 5 bytes JMP 0000000074fb7fb0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075f59fa4 5 bytes JMP 0000000074ed1c10 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075f61533 5 bytes JMP 0000000074fb7b70 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075f70299 5 bytes JMP 0000000074fb8150 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!mouse_event 0000000075f7030f 5 bytes JMP 0000000074ed1a80 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er 
Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075f70353 5 bytes JMP 0000000074ed19a0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075f76d94 5 bytes JMP 0000000074fb52b0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075f76df5 5 bytes JMP 0000000074fb57f0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075f77e6f 5 bytes JMP 0000000074fb7340 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!PrintWindow 0000000075f788c3 5 bytes JMP 0000000074ecbcc0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075f78983 5 bytes JMP 0000000074fb6b80 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077109cbb 5 bytes JMP 0000000074fac3f0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075701401 2 bytes JMP 7560b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075701419 2 bytes JMP 7560b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075701431 2 bytes JMP 75689149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007570144a 2 bytes CALL 
755e4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000757014dd 2 bytes JMP 75688a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000757014f5 2 bytes JMP 75688c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007570150d 2 bytes JMP 75688938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075701525 2 bytes JMP 75688d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007570153d 2 bytes JMP 755ffcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075701555 2 bytes JMP 75606907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007570156d 2 bytes JMP 75689201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075701585 2 bytes JMP 75688d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007570159d 2 bytes JMP 756888fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comarch\Comarch ERP 
Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000757015b5 2 bytes JMP 755ffd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000757015cd 2 bytes JMP 7560b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000757016b2 2 bytes JMP 756890c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchML.exe[2160] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000757016bd 2 bytes JMP 75688891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000779af9f0 5 bytes JMP 0000000074fb2c50 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000779afb38 5 bytes JMP 0000000074fa83c0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779afcc0 5 bytes JMP 0000000074fa7970 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779afd74 5 bytes JMP 0000000074fa9180 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779afdd8 5 bytes JMP 0000000074fa8760 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779afed0 5 bytes JMP 0000000074faac90 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] 
C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000779aff84 5 bytes JMP 0000000074fa6be0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779affb4 5 bytes JMP 0000000074fa8970 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779b0014 5 bytes JMP 0000000074fa7530 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779b0094 5 bytes JMP 0000000074fa7780 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779b00c4 5 bytes JMP 0000000074fa8d20 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779b03c8 5 bytes JMP 0000000074faa180 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000779b03e0 5 bytes JMP 0000000074faba50 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779b0560 5 bytes JMP 0000000074fab770 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779b06a4 5 bytes JMP 0000000074fa7b60 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000779b0704 5 bytes JMP 0000000074fabb60 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000779b07ac 5 bytes JMP 0000000074fa6ad0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] 
C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000779b07f4 5 bytes JMP 0000000074fabc70 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000779b0884 5 bytes JMP 0000000074fa6cf0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779b089c 5 bytes JMP 0000000074faaf60 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779b08b4 5 bytes JMP 0000000074faa6b0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779b0e04 5 bytes JMP 0000000074fa7dd0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779b0ee8 5 bytes JMP 0000000074fa81d0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779b1bf4 5 bytes JMP 0000000074fa7fc0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779b1cc4 5 bytes JMP 0000000074faab40 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779b1d9c 5 bytes JMP 0000000074fa85b0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779cd2f6 7 bytes JMP 0000000074fb2ad0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 00000000755f3bbb 5 bytes JMP 0000000074ecedf0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er 
Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressW 00000000755f9abc 5 bytes JMP 0000000074f9f260 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\KERNEL32.dll!CopyFileExW 0000000075603b7a 7 bytes JMP 0000000074f9fe20 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressA 000000007560cd11 5 bytes JMP 0000000074f9ef50 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\KERNEL32.dll!MoveFileTransactedA 000000007565ddde 7 bytes JMP 0000000074f9f490 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\KERNEL32.dll!MoveFileTransactedW 000000007565de81 7 bytes JMP 0000000074f9f7a0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075d7f8a7 5 bytes JMP 0000000074fb2ab0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075d82e0b 4 bytes CALL 6d2d0000 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075f18332 5 bytes JMP 0000000074fb3c20 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075f18bff 5 bytes JMP 0000000074fb4590 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000075f190d3 7 bytes JMP 0000000074fb3640 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075f19679 5 bytes JMP 0000000074fb4a80 .text 
C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000075f197d2 5 bytes JMP 0000000074fb4ff0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075f1ee21 5 bytes JMP 0000000074fb3810 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000075f1efe1 5 bytes JMP 0000000074fb7720 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!SetThreadDesktop 0000000075f202ae 5 bytes JMP 0000000074ed1480 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000075f212bd 5 bytes JMP 0000000074fb40a0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075f22797 5 bytes JMP 0000000074fb66b0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075f23ef0 5 bytes JMP 0000000074fb6d60 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!SetParent 0000000075f245cc 5 bytes JMP 0000000074fb6f80 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075f2460c 5 bytes JMP 0000000074fb7940 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075f24713 5 bytes JMP 0000000074fb6920 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000075f247e5 5 bytes JMP 0000000074fb6410 .text C:\Program 
Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075f24bbc 5 bytes JMP 0000000074fb3e00 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075f24d1d 5 bytes JMP 0000000074fb4340 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000075f271e0 5 bytes JMP 0000000074fb3a40 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000075f271fe 5 bytes JMP 0000000074fb47e0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075f27d59 7 bytes JMP 0000000074fb3460 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075f281f5 5 bytes JMP 0000000074fb3140 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075f2825a 5 bytes JMP 0000000074fb5a80 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000075f282d2 5 bytes JMP 0000000074fb5550 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075f28411 5 bytes JMP 0000000074fb4d20 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075f28f4c 5 bytes JMP 0000000074fb2e80 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000075f2cc1e 5 bytes JMP 
0000000074fb7170 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!ClipCursor 0000000075f2f2b3 5 bytes JMP 0000000074fb7d50 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075f3a072 5 bytes JMP 0000000074fb5d10 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075f3dbf5 5 bytes JMP 0000000074fb5f60 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!SendInput 0000000075f3ff2a 5 bytes JMP 0000000074ed1810 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000075f58e6f 5 bytes JMP 0000000074ed1b80 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075f598b5 5 bytes JMP 0000000074fb7fb0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075f59fa4 5 bytes JMP 0000000074ed1c10 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075f61533 5 bytes JMP 0000000074fb7b70 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075f70299 5 bytes JMP 0000000074fb8150 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!mouse_event 0000000075f7030f 5 bytes JMP 0000000074ed1a80 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075f70353 5 bytes JMP 
0000000074ed19a0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075f76d94 5 bytes JMP 0000000074fb52b0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075f76df5 5 bytes JMP 0000000074fb57f0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075f77e6f 5 bytes JMP 0000000074fb7340 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!PrintWindow 0000000075f788c3 5 bytes JMP 0000000074ecbcc0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075f78983 5 bytes JMP 0000000074fb6b80 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000755558b3 5 bytes JMP 0000000074ecbdc0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075555ea5 5 bytes JMP 0000000074eca4d0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075557bcc 5 bytes JMP 0000000074eca200 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 000000007555ae82 5 bytes JMP 0000000074ecb740 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007555b98a 5 bytes JMP 0000000074ecbaf0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007555bd7d 5 bytes JMP 0000000074eca870 .text 
C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 000000007555c08c 1 byte JMP 0000000074ecb390 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt + 2 000000007555c08e 3 bytes {JMP 0xffffffffff96f304} .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007555cf11 5 bytes JMP 0000000074ecac20 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007555e935 5 bytes JMP 0000000074eca3b0 .text C:\Program Files (x86)\Comarch\Comarch ERP Menad¿er Kluczy\ComarchMLTray.exe[2404] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075584aa2 5 bytes JMP 0000000074ecafe0 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 
00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes JMP 000000006fff0f80 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000077692b60 13 bytes JMP 000000006fff0260 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000776a1870 5 bytes JMP 000000006fff0180 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000776add20 5 bytes JMP 000000006ffe0228 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007771f6e0 8 bytes JMP 000000006fff0340 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007771f710 5 bytes JMP 000000006fff02d0 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\system32\kernel32.dll!MoveFileW 000000007771f7e0 10 bytes JMP 000000006fff01f0 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 
000000007771f8e0 8 bytes JMP 000000006fff0308 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007771f910 10 bytes JMP 000000006fff0228 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\system32\kernel32.dll!MoveFileA 000000007771f940 10 bytes JMP 000000006fff01b8 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077725730 5 bytes JMP 000000006fff0298 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 
000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Program Files\CCleaner\CCleaner64.exe[2428] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefda26d10 11 bytes JMP 000007fefd0c0180 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000779af9f0 5 bytes JMP 0000000074fb2c50 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000779afb38 5 bytes JMP 0000000074fa83c0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779afcc0 5 bytes JMP 0000000074fa7970 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779afd74 5 bytes JMP 0000000074fa9180 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779afdd8 5 bytes JMP 0000000074fa8760 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779afed0 5 bytes JMP 0000000074faac90 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000779aff84 5 bytes JMP 0000000074fa6be0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779affb4 5 bytes JMP 0000000074fa8970 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] 
C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779b0014 5 bytes JMP 0000000074fa7530 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779b0094 5 bytes JMP 0000000074fa7780 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779b00c4 5 bytes JMP 0000000074fa8d20 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779b03c8 5 bytes JMP 0000000074faa180 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000779b03e0 5 bytes JMP 0000000074faba50 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779b0560 5 bytes JMP 0000000074fab770 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779b06a4 5 bytes JMP 0000000074fa7b60 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000779b0704 5 bytes JMP 0000000074fabb60 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000779b07ac 5 bytes JMP 0000000074fa6ad0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000779b07f4 5 bytes JMP 0000000074fabc70 .text C:\Program 
Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000779b0884 5 bytes JMP 0000000074fa6cf0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779b089c 5 bytes JMP 0000000074faaf60 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779b08b4 5 bytes JMP 0000000074faa6b0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779b0e04 5 bytes JMP 0000000074fa7dd0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779b0ee8 5 bytes JMP 0000000074fa81d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779b1bf4 5 bytes JMP 0000000074fa7fc0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779b1cc4 5 bytes JMP 0000000074faab40 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779b1d9c 5 bytes JMP 0000000074fa85b0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779cd2f6 7 bytes JMP 0000000074fb2ad0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller 
Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000755f3bbb 5 bytes JMP 0000000074ecedf0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000755f9abc 5 bytes JMP 0000000074f9f260 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075603b7a 7 bytes JMP 0000000074f9fe20 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007560cd11 5 bytes JMP 0000000074f9ef50 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007565ddde 7 bytes JMP 0000000074f9f490 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007565de81 7 bytes JMP 0000000074f9f7a0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075d7f8a7 5 bytes JMP 0000000074fb2ab0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075d82e0b 4 bytes CALL 6ef80000 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000755558b3 5 bytes JMP 0000000074ecbdc0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] 
C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075555ea5 5 bytes JMP 0000000074eca4d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075557bcc 5 bytes JMP 0000000074eca200 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 000000007555ae82 5 bytes JMP 0000000074ecb740 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007555b98a 5 bytes JMP 0000000074ecbaf0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007555bd7d 5 bytes JMP 0000000074eca870 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 000000007555c08c 1 byte JMP 0000000074ecb390 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt + 2 000000007555c08e 3 bytes {JMP 0xffffffffff96f304} .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007555cf11 5 bytes JMP 0000000074ecac20 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007555e935 5 bytes JMP 0000000074eca3b0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075584aa2 5 bytes JMP 0000000074ecafe0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host 
Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075f18332 5 bytes JMP 0000000074fb3c20 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075f18bff 5 bytes JMP 0000000074fb4590 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000075f190d3 7 bytes JMP 0000000074fb3640 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075f19679 5 bytes JMP 0000000074fb4a80 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000075f197d2 5 bytes JMP 0000000074fb4ff0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075f1ee21 5 bytes JMP 0000000074fb3810 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000075f1efe1 5 bytes JMP 0000000074fb7720 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!SetThreadDesktop 0000000075f202ae 5 bytes JMP 0000000074ed1480 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000075f212bd 5 bytes JMP 0000000074fb40a0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!GetKeyState 
0000000075f22797 5 bytes JMP 0000000074fb66b0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075f23ef0 5 bytes JMP 0000000074fb6d60 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!SetParent 0000000075f245cc 5 bytes JMP 0000000074fb6f80 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075f2460c 5 bytes JMP 0000000074fb7940 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075f24713 5 bytes JMP 0000000074fb6920 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000075f247e5 5 bytes JMP 0000000074fb6410 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075f24bbc 5 bytes JMP 0000000074fb3e00 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075f24d1d 5 bytes JMP 0000000074fb4340 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000075f271e0 5 bytes JMP 0000000074fb3a40 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000075f271fe 5 bytes JMP 0000000074fb47e0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller 
Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075f27d59 7 bytes JMP 0000000074fb3460 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075f281f5 5 bytes JMP 0000000074fb3140 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075f2825a 5 bytes JMP 0000000074fb5a80 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000075f282d2 5 bytes JMP 0000000074fb5550 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075f28411 5 bytes JMP 0000000074fb4d20 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075f28f4c 5 bytes JMP 0000000074fb2e80 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000075f2cc1e 5 bytes JMP 0000000074fb7170 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!ClipCursor 0000000075f2f2b3 5 bytes JMP 0000000074fb7d50 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075f3a072 5 bytes JMP 0000000074fb5d10 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] 
C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075f3dbf5 5 bytes JMP 0000000074fb5f60 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!SendInput 0000000075f3ff2a 5 bytes JMP 0000000074ed1810 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000075f58e6f 5 bytes JMP 0000000074ed1b80 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075f598b5 5 bytes JMP 0000000074fb7fb0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075f59fa4 5 bytes JMP 0000000074ed1c10 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075f61533 5 bytes JMP 0000000074fb7b70 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075f70299 5 bytes JMP 0000000074fb8150 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!mouse_event 0000000075f7030f 5 bytes JMP 0000000074ed1a80 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075f70353 5 bytes JMP 0000000074ed19a0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075f76d94 5 bytes JMP 0000000074fb52b0 .text C:\Program Files 
(x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075f76df5 5 bytes JMP 0000000074fb57f0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075f77e6f 5 bytes JMP 0000000074fb7340 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!PrintWindow 0000000075f788c3 5 bytes JMP 0000000074ecbcc0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075f78983 5 bytes JMP 0000000074fb6b80 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[2532] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077109cbb 5 bytes JMP 0000000074fac3f0 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text 
C:\Windows\System32\svchost.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Windows\System32\svchost.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Windows\System32\svchost.exe[2896] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes JMP 000000006fff0f80 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000077692b60 13 bytes JMP 000000006fff0260 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000776a1870 5 bytes JMP 000000006fff0180 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000776add20 5 bytes JMP 000000006ffe0228 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007771f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007771f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\system32\kernel32.dll!MoveFileW 000000007771f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007771f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\System32\svchost.exe[2896] 
C:\Windows\system32\kernel32.dll!MoveFileExA 000000007771f910 10 bytes JMP 000000006fff0228 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\system32\kernel32.dll!MoveFileA 000000007771f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077725730 5 bytes JMP 000000006fff0298 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Windows\System32\svchost.exe[2896] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefda26d10 11 bytes JMP 000007fefd0c0180 .text C:\Program Files\Intel\iCLS 
Client\HeciServer.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Program 
Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes 
JMP 000000006fff0f80 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text 
C:\Program Files\Intel\iCLS Client\HeciServer.exe[2256] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefda26d10 11 bytes JMP 000007fefd0c0180 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000779af9f0 5 bytes JMP 0000000074fb2c50 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000779afb38 5 bytes JMP 0000000074fa83c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779afcc0 5 bytes JMP 0000000074fa7970 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779afd74 5 bytes JMP 0000000074fa9180 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779afdd8 5 bytes JMP 0000000074fa8760 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779afed0 5 bytes JMP 0000000074faac90 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000779aff84 5 bytes JMP 0000000074fa6be0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779affb4 5 bytes JMP 0000000074fa8970 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779b0014 5 bytes JMP 0000000074fa7530 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779b0094 5 bytes JMP 0000000074fa7780 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779b00c4 5 bytes JMP 0000000074fa8d20 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779b03c8 5 bytes JMP 0000000074faa180 
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000779b03e0 5 bytes JMP 0000000074faba50 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779b0560 5 bytes JMP 0000000074fab770 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779b06a4 5 bytes JMP 0000000074fa7b60 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000779b0704 5 bytes JMP 0000000074fabb60 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000779b07ac 5 bytes JMP 0000000074fa6ad0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000779b07f4 5 bytes JMP 0000000074fabc70 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000779b0884 5 bytes JMP 0000000074fa6cf0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779b089c 5 bytes JMP 0000000074faaf60 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779b08b4 5 bytes JMP 0000000074faa6b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779b0e04 5 bytes JMP 0000000074fa7dd0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779b0ee8 5 bytes JMP 0000000074fa81d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779b1bf4 5 bytes JMP 0000000074fa7fc0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 
00000000779b1cc4 5 bytes JMP 0000000074faab40 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779b1d9c 5 bytes JMP 0000000074fa85b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779cd2f6 7 bytes JMP 0000000074fb2ad0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000755f3bbb 5 bytes JMP 0000000074ecedf0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000755f9abc 5 bytes JMP 0000000074f9f260 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075603b7a 7 bytes JMP 0000000074f9fe20 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007560cd11 5 bytes JMP 0000000074f9ef50 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007565ddde 7 bytes JMP 0000000074f9f490 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007565de81 7 bytes JMP 0000000074f9f7a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075d7f8a7 5 bytes JMP 0000000074fb2ab0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075d82e0b 4 bytes CALL 713d0000 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075f18332 5 bytes JMP 0000000074fb3c20 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075f18bff 5 bytes JMP 0000000074fb4590 .text C:\Program Files\Intel\iCLS 
Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000075f190d3 7 bytes JMP 0000000074fb3640 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075f19679 5 bytes JMP 0000000074fb4a80 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000075f197d2 5 bytes JMP 0000000074fb4ff0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075f1ee21 5 bytes JMP 0000000074fb3810 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000075f1efe1 5 bytes JMP 0000000074fb7720 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!SetThreadDesktop 0000000075f202ae 5 bytes JMP 0000000074ed1480 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000075f212bd 5 bytes JMP 0000000074fb40a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075f22797 5 bytes JMP 0000000074fb66b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075f23ef0 5 bytes JMP 0000000074fb6d60 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!SetParent 0000000075f245cc 5 bytes JMP 0000000074fb6f80 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075f2460c 5 bytes JMP 0000000074fb7940 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075f24713 5 bytes JMP 0000000074fb6920 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000075f247e5 5 bytes JMP 0000000074fb6410 .text C:\Program 
Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075f24bbc 5 bytes JMP 0000000074fb3e00 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075f24d1d 5 bytes JMP 0000000074fb4340 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000075f271e0 5 bytes JMP 0000000074fb3a40 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000075f271fe 5 bytes JMP 0000000074fb47e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075f27d59 7 bytes JMP 0000000074fb3460 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075f281f5 5 bytes JMP 0000000074fb3140 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075f2825a 5 bytes JMP 0000000074fb5a80 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000075f282d2 5 bytes JMP 0000000074fb5550 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075f28411 5 bytes JMP 0000000074fb4d20 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075f28f4c 5 bytes JMP 0000000074fb2e80 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000075f2cc1e 5 bytes JMP 0000000074fb7170 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!ClipCursor 0000000075f2f2b3 5 bytes JMP 0000000074fb7d50 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075f3a072 5 bytes 
JMP 0000000074fb5d10 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075f3dbf5 5 bytes JMP 0000000074fb5f60 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!SendInput 0000000075f3ff2a 5 bytes JMP 0000000074ed1810 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000075f58e6f 5 bytes JMP 0000000074ed1b80 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075f598b5 5 bytes JMP 0000000074fb7fb0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075f59fa4 5 bytes JMP 0000000074ed1c10 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075f61533 5 bytes JMP 0000000074fb7b70 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075f70299 5 bytes JMP 0000000074fb8150 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!mouse_event 0000000075f7030f 5 bytes JMP 0000000074ed1a80 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075f70353 5 bytes JMP 0000000074ed19a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075f76d94 5 bytes JMP 0000000074fb52b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075f76df5 5 bytes JMP 0000000074fb57f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075f77e6f 5 bytes JMP 0000000074fb7340 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!PrintWindow 0000000075f788c3 5 
bytes JMP 0000000074ecbcc0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075f78983 5 bytes JMP 0000000074fb6b80 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000755558b3 5 bytes JMP 0000000074ecbdc0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075555ea5 5 bytes JMP 0000000074eca4d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075557bcc 5 bytes JMP 0000000074eca200 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 000000007555ae82 5 bytes JMP 0000000074ecb740 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007555b98a 5 bytes JMP 0000000074ecbaf0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007555bd7d 5 bytes JMP 0000000074eca870 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 000000007555c08c 1 byte JMP 0000000074ecb390 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt + 2 000000007555c08e 3 bytes {JMP 0xffffffffff96f304} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007555cf11 5 bytes JMP 0000000074ecac20 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007555e935 5 bytes JMP 0000000074eca3b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2308] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075584aa2 5 bytes JMP 0000000074ecafe0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text 
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 
000000006fff1108 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes JMP 000000006fff0f80 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\system32\KERNEL32.dll!MoveFileExW 0000000077692b60 13 bytes JMP 000000006fff0260 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\system32\KERNEL32.dll!CopyFileExW 00000000776a1870 5 bytes JMP 000000006fff0180 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\system32\KERNEL32.dll!CreateProcessInternalW 00000000776add20 5 bytes JMP 000000006ffe0228 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\system32\KERNEL32.dll!MoveFileWithProgressW 000000007771f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\system32\KERNEL32.dll!MoveFileTransactedW 000000007771f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\system32\KERNEL32.dll!MoveFileW 000000007771f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\system32\KERNEL32.dll!MoveFileWithProgressA 000000007771f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\system32\KERNEL32.dll!MoveFileExA 000000007771f910 10 bytes JMP 000000006fff0228 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] 
C:\Windows\system32\KERNEL32.dll!MoveFileA 000000007771f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\system32\KERNEL32.dll!MoveFileTransactedA 0000000077725730 5 bytes JMP 000000006fff0298 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] 
C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe[3108] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefda26d10 11 bytes JMP 000007fefd0c0180 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text C:\Program Files\NVIDIA 
Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 
000000006fff10d0 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes JMP 000000006fff0f80 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000077692b60 13 bytes JMP 000000006fff0260 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000776a1870 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000776add20 5 bytes JMP 000000006ffe0228 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007771f6e0 8 bytes JMP 000000006fff0340 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007771f710 5 bytes JMP 000000006fff02d0 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] 
C:\Windows\system32\kernel32.dll!MoveFileW 000000007771f7e0 10 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007771f8e0 8 bytes JMP 000000006fff0308 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007771f910 10 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\system32\kernel32.dll!MoveFileA 000000007771f940 10 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077725730 5 bytes JMP 000000006fff0298 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Program Files\NVIDIA 
Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe[3188] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefda26d10 11 bytes JMP 000007fefd0c0180 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000779af9f0 5 bytes JMP 0000000074fb2c50 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000779afb38 5 bytes JMP 0000000074fa83c0 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779afcc0 5 bytes JMP 0000000074fa7970 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779afd74 5 bytes JMP 0000000074fa9180 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779afdd8 5 bytes JMP 0000000074fa8760 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779afed0 5 bytes JMP 0000000074faac90 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] 
C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000779aff84 5 bytes JMP 0000000074fa6be0 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779affb4 5 bytes JMP 0000000074fa8970 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779b0014 5 bytes JMP 0000000074fa7530 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779b0094 5 bytes JMP 0000000074fa7780 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779b00c4 5 bytes JMP 0000000074fa8d20 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779b03c8 5 bytes JMP 0000000074faa180 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000779b03e0 5 bytes JMP 0000000074faba50 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779b0560 5 bytes JMP 0000000074fab770 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779b06a4 5 bytes JMP 0000000074fa7b60 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000779b0704 5 bytes JMP 0000000074fabb60 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000779b07ac 5 bytes JMP 0000000074fa6ad0 .text C:\Program Files (x86)\NVIDIA 
Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000779b07f4 5 bytes JMP 0000000074fabc70 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000779b0884 5 bytes JMP 0000000074fa6cf0 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779b089c 5 bytes JMP 0000000074faaf60 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779b08b4 5 bytes JMP 0000000074faa6b0 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779b0e04 5 bytes JMP 0000000074fa7dd0 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779b0ee8 5 bytes JMP 0000000074fa81d0 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779b1bf4 5 bytes JMP 0000000074fa7fc0 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779b1cc4 5 bytes JMP 0000000074faab40 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779b1d9c 5 bytes JMP 0000000074fa85b0 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779cd2f6 7 bytes JMP 0000000074fb2ad0 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000755f3bbb 5 bytes JMP 
0000000074ecedf0 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000755f9abc 5 bytes JMP 0000000074f9f260 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075603b7a 7 bytes JMP 0000000074f9fe20 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007560cd11 5 bytes JMP 0000000074f9ef50 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007565ddde 7 bytes JMP 0000000074f9f490 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007565de81 7 bytes JMP 0000000074f9f7a0 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075d7f8a7 5 bytes JMP 0000000074fb2ab0 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075d82e0b 4 bytes CALL 700e0000 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075f18332 5 bytes JMP 0000000074fb3c20 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075f18bff 5 bytes JMP 0000000074fb4590 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000075f190d3 7 bytes JMP 0000000074fb3640 .text C:\Program Files (x86)\NVIDIA 
Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075f19679 5 bytes JMP 0000000074fb4a80 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000075f197d2 5 bytes JMP 0000000074fb4ff0 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075f1ee21 5 bytes JMP 0000000074fb3810 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000075f1efe1 5 bytes JMP 0000000074fb7720 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!SetThreadDesktop 0000000075f202ae 5 bytes JMP 0000000074ed1480 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000075f212bd 5 bytes JMP 0000000074fb40a0 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075f22797 5 bytes JMP 0000000074fb66b0 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075f23ef0 5 bytes JMP 0000000074fb6d60 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!SetParent 0000000075f245cc 5 bytes JMP 0000000074fb6f80 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075f2460c 5 bytes JMP 0000000074fb7940 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075f24713 5 bytes JMP 0000000074fb6920 .text C:\Program Files 
(x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000075f247e5 5 bytes JMP 0000000074fb6410 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075f24bbc 5 bytes JMP 0000000074fb3e00 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075f24d1d 5 bytes JMP 0000000074fb4340 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000075f271e0 5 bytes JMP 0000000074fb3a40 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000075f271fe 5 bytes JMP 0000000074fb47e0 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075f27d59 7 bytes JMP 0000000074fb3460 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075f281f5 5 bytes JMP 0000000074fb3140 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075f2825a 5 bytes JMP 0000000074fb5a80 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000075f282d2 5 bytes JMP 0000000074fb5550 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075f28411 5 bytes JMP 0000000074fb4d20 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075f28f4c 5 bytes 
JMP 0000000074fb2e80 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000075f2cc1e 5 bytes JMP 0000000074fb7170 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!ClipCursor 0000000075f2f2b3 5 bytes JMP 0000000074fb7d50 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075f3a072 5 bytes JMP 0000000074fb5d10 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075f3dbf5 5 bytes JMP 0000000074fb5f60 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!SendInput 0000000075f3ff2a 5 bytes JMP 0000000074ed1810 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000075f58e6f 5 bytes JMP 0000000074ed1b80 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075f598b5 5 bytes JMP 0000000074fb7fb0 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075f59fa4 5 bytes JMP 0000000074ed1c10 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075f61533 5 bytes JMP 0000000074fb7b70 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075f70299 5 bytes JMP 0000000074fb8150 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!mouse_event 
0000000075f7030f 5 bytes JMP 0000000074ed1a80 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075f70353 5 bytes JMP 0000000074ed19a0 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075f76d94 5 bytes JMP 0000000074fb52b0 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075f76df5 5 bytes JMP 0000000074fb57f0 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075f77e6f 5 bytes JMP 0000000074fb7340 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!PrintWindow 0000000075f788c3 5 bytes JMP 0000000074ecbcc0 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075f78983 5 bytes JMP 0000000074fb6b80 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000755558b3 5 bytes JMP 0000000074ecbdc0 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075555ea5 5 bytes JMP 0000000074eca4d0 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075557bcc 5 bytes JMP 0000000074eca200 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 000000007555ae82 5 bytes JMP 0000000074ecb740 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\GDI32.dll!GetPixel 
000000007555b98a 5 bytes JMP 0000000074ecbaf0 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007555bd7d 5 bytes JMP 0000000074eca870 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 000000007555c08c 1 byte JMP 0000000074ecb390 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt + 2 000000007555c08e 3 bytes {JMP 0xffffffffff96f304} .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007555cf11 5 bytes JMP 0000000074ecac20 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007555e935 5 bytes JMP 0000000074eca3b0 .text C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe[3236] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075584aa2 5 bytes JMP 0000000074ecafe0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Program Files\NVIDIA 
Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Program 
Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes JMP 000000006fff0f80 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000077692b60 13 bytes JMP 
000000006fff0260 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000776a1870 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000776add20 5 bytes JMP 000000006ffe0228 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007771f6e0 8 bytes JMP 000000006fff0340 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007771f710 5 bytes JMP 000000006fff02d0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\system32\kernel32.dll!MoveFileW 000000007771f7e0 10 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007771f8e0 8 bytes JMP 000000006fff0308 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007771f910 10 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\system32\kernel32.dll!MoveFileA 000000007771f940 10 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077725730 5 bytes JMP 000000006fff0298 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] 
C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3340] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefda26d10 11 bytes JMP 000007fefd0c0180 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000779af9f0 5 bytes JMP 0000000074fb2c50 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000779afb38 5 bytes JMP 0000000074fa83c0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] 
C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779afcc0 5 bytes JMP 0000000074fa7970 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779afd74 5 bytes JMP 0000000074fa9180 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779afdd8 5 bytes JMP 0000000074fa8760 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779afed0 5 bytes JMP 0000000074faac90 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000779aff84 5 bytes JMP 0000000074fa6be0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779affb4 5 bytes JMP 0000000074fa8970 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779b0014 5 bytes JMP 0000000074fa7530 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779b0094 5 bytes JMP 0000000074fa7780 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779b00c4 5 bytes JMP 0000000074fa8d20 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779b03c8 5 bytes JMP 0000000074faa180 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000779b03e0 5 bytes JMP 0000000074faba50 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779b0560 5 bytes 
JMP 0000000074fab770 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779b06a4 5 bytes JMP 0000000074fa7b60 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000779b0704 5 bytes JMP 0000000074fabb60 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000779b07ac 5 bytes JMP 0000000074fa6ad0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000779b07f4 5 bytes JMP 0000000074fabc70 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000779b0884 5 bytes JMP 0000000074fa6cf0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779b089c 5 bytes JMP 0000000074faaf60 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779b08b4 5 bytes JMP 0000000074faa6b0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779b0e04 5 bytes JMP 0000000074fa7dd0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779b0ee8 5 bytes JMP 0000000074fa81d0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779b1bf4 5 bytes JMP 0000000074fa7fc0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779b1cc4 5 bytes JMP 0000000074faab40 .text C:\Program Files (x86)\NVIDIA 
Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779b1d9c 5 bytes JMP 0000000074fa85b0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779cd2f6 7 bytes JMP 0000000074fb2ad0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000755f3bbb 5 bytes JMP 0000000074ecedf0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000755f9abc 5 bytes JMP 0000000074f9f260 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075603b7a 7 bytes JMP 0000000074f9fe20 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007560cd11 5 bytes JMP 0000000074f9ef50 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007565ddde 7 bytes JMP 0000000074f9f490 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007565de81 7 bytes JMP 0000000074f9f7a0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075d7f8a7 5 bytes JMP 0000000074fb2ab0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075d82bdc 5 bytes JMP 00000000645fbac2 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075d82e0b 4 bytes CALL 6e230000 .text C:\Program Files (x86)\NVIDIA 
Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075f18332 5 bytes JMP 0000000074fb3c20 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075f18bff 5 bytes JMP 0000000074fb4590 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000075f190d3 7 bytes JMP 0000000074fb3640 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075f19679 5 bytes JMP 0000000074fb4a80 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000075f197d2 5 bytes JMP 0000000074fb4ff0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075f1ee21 5 bytes JMP 0000000074fb3810 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000075f1efe1 5 bytes JMP 0000000074fb7720 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!SetThreadDesktop 0000000075f202ae 5 bytes JMP 0000000074ed1480 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000075f212bd 5 bytes JMP 0000000074fb40a0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075f22797 5 bytes JMP 0000000074fb66b0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075f23ef0 5 bytes JMP 0000000074fb6d60 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] 
C:\Windows\syswow64\USER32.dll!SetParent 0000000075f245cc 5 bytes JMP 0000000074fb6f80 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075f2460c 5 bytes JMP 0000000074fb7940 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075f24713 5 bytes JMP 0000000074fb6920 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000075f247e5 5 bytes JMP 0000000074fb6410 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075f24bbc 5 bytes JMP 0000000074fb3e00 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075f24d1d 5 bytes JMP 0000000074fb4340 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000075f271e0 5 bytes JMP 0000000074fb3a40 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000075f271fe 5 bytes JMP 0000000074fb47e0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075f27d59 7 bytes JMP 0000000074fb3460 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075f281f5 5 bytes JMP 0000000074fb3140 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075f2825a 5 bytes JMP 0000000074fb5a80 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000075f282d2 5 
bytes JMP 0000000074fb5550 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075f28411 5 bytes JMP 0000000074fb4d20 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075f28f4c 5 bytes JMP 0000000074fb2e80 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000075f2cc1e 5 bytes JMP 0000000074fb7170 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!ClipCursor 0000000075f2f2b3 5 bytes JMP 0000000074fb7d50 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075f3a072 5 bytes JMP 0000000074fb5d10 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075f3dbf5 5 bytes JMP 0000000074fb5f60 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!SendInput 0000000075f3ff2a 5 bytes JMP 0000000074ed1810 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000075f58e6f 5 bytes JMP 0000000074ed1b80 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075f598b5 5 bytes JMP 0000000074fb7fb0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075f59fa4 5 bytes JMP 0000000074ed1c10 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075f61533 5 bytes JMP 0000000074fb7b70 .text C:\Program Files (x86)\NVIDIA 
Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075f70299 5 bytes JMP 0000000074fb8150 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!mouse_event 0000000075f7030f 5 bytes JMP 0000000074ed1a80 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075f70353 5 bytes JMP 0000000074ed19a0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075f76d94 5 bytes JMP 0000000074fb52b0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075f76df5 5 bytes JMP 0000000074fb57f0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075f77e6f 5 bytes JMP 0000000074fb7340 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!PrintWindow 0000000075f788c3 5 bytes JMP 0000000074ecbcc0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075f78983 5 bytes JMP 0000000074fb6b80 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000755558b3 5 bytes JMP 0000000074ecbdc0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075555ea5 5 bytes JMP 0000000074eca4d0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075557bcc 5 bytes JMP 0000000074eca200 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 
000000007555ae82 5 bytes JMP 0000000074ecb740 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007555b98a 5 bytes JMP 0000000074ecbaf0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007555bd7d 5 bytes JMP 0000000074eca870 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 000000007555c08c 1 byte JMP 0000000074ecb390 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt + 2 000000007555c08e 3 bytes {JMP 0xffffffffff96f304} .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007555cf11 5 bytes JMP 0000000074ecac20 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007555e935 5 bytes JMP 0000000074eca3b0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075584aa2 5 bytes JMP 0000000074ecafe0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075701401 2 bytes JMP 7560b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075701419 2 bytes JMP 7560b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075701431 2 bytes JMP 75689149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 
42 000000007570144a 2 bytes CALL 755e4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757014dd 2 bytes JMP 75688a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757014f5 2 bytes JMP 75688c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007570150d 2 bytes JMP 75688938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075701525 2 bytes JMP 75688d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007570153d 2 bytes JMP 755ffcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075701555 2 bytes JMP 75606907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007570156d 2 bytes JMP 75689201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075701585 2 bytes JMP 75688d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007570159d 2 bytes JMP 756888fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA 
Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757015b5 2 bytes JMP 755ffd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757015cd 2 bytes JMP 7560b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757016b2 2 bytes JMP 756890c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3488] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757016bd 2 bytes JMP 75688891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 
0xfffffffff87f4690} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes JMP 000000006fff0f80 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000077692b60 13 bytes JMP 000000006fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000776a1870 5 bytes JMP 000000006fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000776add20 5 bytes JMP 000000006ffe0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007771f6e0 8 bytes JMP 000000006fff0340 .text C:\Program 
Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007771f710 5 bytes JMP 000000006fff02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\system32\kernel32.dll!MoveFileW 000000007771f7e0 10 bytes JMP 000000006fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007771f8e0 8 bytes JMP 000000006fff0308 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007771f910 10 bytes JMP 000000006fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\system32\kernel32.dll!MoveFileA 000000007771f940 10 bytes JMP 000000006fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077725730 5 bytes JMP 000000006fff0298 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] 
C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3752] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000779af9f0 5 bytes JMP 0000000074fb2c50 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000779afb38 5 bytes JMP 0000000074fa83c0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779afcc0 5 bytes JMP 0000000074fa7970 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779afd74 5 bytes JMP 0000000074fa9180 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779afdd8 5 bytes JMP 0000000074fa8760 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779afed0 5 bytes JMP 0000000074faac90 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000779aff84 5 bytes JMP 0000000074fa6be0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web 
Helper.exe[3912] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779affb4 5 bytes JMP 0000000074fa8970 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779b0014 5 bytes JMP 0000000074fa7530 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779b0094 5 bytes JMP 0000000074fa7780 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779b00c4 5 bytes JMP 0000000074fa8d20 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779b03c8 5 bytes JMP 0000000074faa180 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000779b03e0 5 bytes JMP 0000000074faba50 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779b0560 5 bytes JMP 0000000074fab770 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779b06a4 5 bytes JMP 0000000074fa7b60 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000779b0704 5 bytes JMP 0000000074fabb60 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000779b07ac 5 bytes JMP 0000000074fa6ad0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000779b07f4 5 bytes JMP 0000000074fabc70 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 
00000000779b0884 5 bytes JMP 0000000074fa6cf0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779b089c 5 bytes JMP 0000000074faaf60 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779b08b4 5 bytes JMP 0000000074faa6b0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779b0e04 5 bytes JMP 0000000074fa7dd0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779b0ee8 5 bytes JMP 0000000074fa81d0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779b1bf4 5 bytes JMP 0000000074fa7fc0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779b1cc4 5 bytes JMP 0000000074faab40 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779b1d9c 5 bytes JMP 0000000074fa85b0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779cd2f6 7 bytes JMP 0000000074fb2ad0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000755f3bbb 5 bytes JMP 0000000074ecedf0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000755f9abc 5 bytes JMP 0000000074f9f260 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075603b7a 7 bytes JMP 
0000000074f9fe20 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007560cd11 5 bytes JMP 0000000074f9ef50 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007565ddde 7 bytes JMP 0000000074f9f490 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007565de81 7 bytes JMP 0000000074f9f7a0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075d7f8a7 5 bytes JMP 0000000074fb2ab0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075d82e0b 4 bytes CALL 6e4a0000 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075f18332 5 bytes JMP 0000000074fb3c20 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075f18bff 5 bytes JMP 0000000074fb4590 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000075f190d3 7 bytes JMP 0000000074fb3640 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075f19679 5 bytes JMP 0000000074fb4a80 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000075f197d2 5 bytes JMP 0000000074fb4ff0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075f1ee21 5 bytes JMP 
0000000074fb3810 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000075f1efe1 5 bytes JMP 0000000074fb7720 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!SetThreadDesktop 0000000075f202ae 5 bytes JMP 0000000074ed1480 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000075f212bd 5 bytes JMP 0000000074fb40a0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075f22797 5 bytes JMP 0000000074fb66b0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075f23ef0 5 bytes JMP 0000000074fb6d60 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!SetParent 0000000075f245cc 5 bytes JMP 0000000074fb6f80 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075f2460c 5 bytes JMP 0000000074fb7940 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075f24713 5 bytes JMP 0000000074fb6920 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000075f247e5 5 bytes JMP 0000000074fb6410 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075f24bbc 5 bytes JMP 0000000074fb3e00 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075f24d1d 5 bytes JMP 0000000074fb4340 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web 
Helper.exe[3912] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000075f271e0 5 bytes JMP 0000000074fb3a40 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000075f271fe 5 bytes JMP 0000000074fb47e0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075f27d59 7 bytes JMP 0000000074fb3460 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075f281f5 5 bytes JMP 0000000074fb3140 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075f2825a 5 bytes JMP 0000000074fb5a80 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000075f282d2 5 bytes JMP 0000000074fb5550 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075f28411 5 bytes JMP 0000000074fb4d20 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075f28f4c 5 bytes JMP 0000000074fb2e80 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000075f2cc1e 5 bytes JMP 0000000074fb7170 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!ClipCursor 0000000075f2f2b3 5 bytes JMP 0000000074fb7d50 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075f3a072 5 bytes JMP 0000000074fb5d10 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] 
C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075f3dbf5 5 bytes JMP 0000000074fb5f60 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!SendInput 0000000075f3ff2a 5 bytes JMP 0000000074ed1810 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000075f58e6f 5 bytes JMP 0000000074ed1b80 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075f598b5 5 bytes JMP 0000000074fb7fb0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075f59fa4 5 bytes JMP 0000000074ed1c10 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075f61533 5 bytes JMP 0000000074fb7b70 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075f70299 5 bytes JMP 0000000074fb8150 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!mouse_event 0000000075f7030f 5 bytes JMP 0000000074ed1a80 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075f70353 5 bytes JMP 0000000074ed19a0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075f76d94 5 bytes JMP 0000000074fb52b0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075f76df5 5 bytes JMP 0000000074fb57f0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075f77e6f 5 bytes 
JMP 0000000074fb7340 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!PrintWindow 0000000075f788c3 5 bytes JMP 0000000074ecbcc0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075f78983 5 bytes JMP 0000000074fb6b80 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000755558b3 5 bytes JMP 0000000074ecbdc0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075555ea5 5 bytes JMP 0000000074eca4d0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075557bcc 5 bytes JMP 0000000074eca200 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 000000007555ae82 5 bytes JMP 0000000074ecb740 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007555b98a 5 bytes JMP 0000000074ecbaf0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007555bd7d 5 bytes JMP 0000000074eca870 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 000000007555c08c 1 byte JMP 0000000074ecb390 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt + 2 000000007555c08e 3 bytes {JMP 0xffffffffff96f304} .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007555cf11 5 bytes JMP 0000000074ecac20 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web 
Helper.exe[3912] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007555e935 5 bytes JMP 0000000074eca3b0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075584aa2 5 bytes JMP 0000000074ecafe0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075701401 2 bytes JMP 7560b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075701419 2 bytes JMP 7560b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075701431 2 bytes JMP 75689149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007570144a 2 bytes CALL 755e4885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757014dd 2 bytes JMP 75688a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757014f5 2 bytes JMP 75688c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007570150d 2 bytes JMP 75688938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075701525 2 bytes JMP 75688d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007570153d 2 bytes JMP 755ffcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075701555 2 bytes JMP 75606907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007570156d 2 bytes JMP 75689201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075701585 2 bytes JMP 75688d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007570159d 2 bytes JMP 756888fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757015b5 2 bytes JMP 755ffd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757015cd 2 bytes JMP 7560b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757016b2 2 bytes JMP 756890c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757016bd 2 bytes JMP 75688891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[3912] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077109cbb 5 bytes JMP 0000000074fac3f0 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 
bytes JMP 000000006fff0d18 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Windows\system32\conhost.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\conhost.exe[3940] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text 
C:\Windows\system32\conhost.exe[3940] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Windows\system32\conhost.exe[3940] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000779af9f0 5 bytes JMP 0000000074fb2c50 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000779afb38 5 bytes JMP 0000000074fa83c0 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779afcc0 5 bytes JMP 0000000074fa7970 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779afd74 5 bytes JMP 0000000074fa9180 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779afdd8 5 bytes JMP 0000000074fa8760 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779afed0 5 bytes JMP 0000000074faac90 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000779aff84 5 bytes JMP 0000000074fa6be0 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779affb4 5 bytes JMP 0000000074fa8970 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779b0014 5 bytes JMP 0000000074fa7530 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779b0094 5 bytes JMP 0000000074fa7780 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779b00c4 5 bytes JMP 0000000074fa8d20 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779b03c8 5 bytes JMP 0000000074faa180 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 
00000000779b03e0 5 bytes JMP 0000000074faba50 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779b0560 5 bytes JMP 0000000074fab770 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779b06a4 5 bytes JMP 0000000074fa7b60 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000779b0704 5 bytes JMP 0000000074fabb60 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000779b07ac 5 bytes JMP 0000000074fa6ad0 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000779b07f4 5 bytes JMP 0000000074fabc70 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000779b0884 5 bytes JMP 0000000074fa6cf0 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779b089c 5 bytes JMP 0000000074faaf60 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779b08b4 5 bytes JMP 0000000074faa6b0 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779b0e04 5 bytes JMP 0000000074fa7dd0 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779b0ee8 5 bytes JMP 0000000074fa81d0 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779b1bf4 5 bytes JMP 0000000074fa7fc0 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779b1cc4 5 bytes JMP 0000000074faab40 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779b1d9c 5 bytes JMP 0000000074fa85b0 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779cd2f6 7 bytes JMP 0000000074fb2ad0 
.text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000755f3bbb 5 bytes JMP 0000000074ecedf0 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000755f9abc 5 bytes JMP 0000000074f9f260 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075603b7a 7 bytes JMP 0000000074f9fe20 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007560cd11 5 bytes JMP 0000000074f9ef50 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007565ddde 7 bytes JMP 0000000074f9f490 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007565de81 7 bytes JMP 0000000074f9f7a0 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075d7f8a7 5 bytes JMP 0000000074fb2ab0 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075d82e0b 4 bytes CALL 71170000 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075f18332 5 bytes JMP 0000000074fb3c20 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075f18bff 5 bytes JMP 0000000074fb4590 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000075f190d3 7 bytes JMP 0000000074fb3640 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075f19679 5 bytes JMP 0000000074fb4a80 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000075f197d2 5 bytes JMP 0000000074fb4ff0 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075f1ee21 5 bytes JMP 0000000074fb3810 
.text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000075f1efe1 5 bytes JMP 0000000074fb7720 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!SetThreadDesktop 0000000075f202ae 5 bytes JMP 0000000074ed1480 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000075f212bd 5 bytes JMP 0000000074fb40a0 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075f22797 5 bytes JMP 0000000074fb66b0 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075f23ef0 5 bytes JMP 0000000074fb6d60 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!SetParent 0000000075f245cc 5 bytes JMP 0000000074fb6f80 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075f2460c 5 bytes JMP 0000000074fb7940 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075f24713 5 bytes JMP 0000000074fb6920 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000075f247e5 5 bytes JMP 0000000074fb6410 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075f24bbc 5 bytes JMP 0000000074fb3e00 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075f24d1d 5 bytes JMP 0000000074fb4340 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000075f271e0 5 bytes JMP 0000000074fb3a40 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000075f271fe 5 bytes JMP 0000000074fb47e0 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075f27d59 7 bytes JMP 0000000074fb3460 .text C:\Windows\system32\PnkBstrA.exe[4960] 
C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075f281f5 5 bytes JMP 0000000074fb3140 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075f2825a 5 bytes JMP 0000000074fb5a80 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000075f282d2 5 bytes JMP 0000000074fb5550 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075f28411 5 bytes JMP 0000000074fb4d20 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075f28f4c 5 bytes JMP 0000000074fb2e80 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000075f2cc1e 5 bytes JMP 0000000074fb7170 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!ClipCursor 0000000075f2f2b3 5 bytes JMP 0000000074fb7d50 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075f3a072 5 bytes JMP 0000000074fb5d10 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075f3dbf5 5 bytes JMP 0000000074fb5f60 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!SendInput 0000000075f3ff2a 5 bytes JMP 0000000074ed1810 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000075f58e6f 5 bytes JMP 0000000074ed1b80 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075f598b5 5 bytes JMP 0000000074fb7fb0 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075f59fa4 5 bytes JMP 0000000074ed1c10 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075f61533 5 bytes JMP 0000000074fb7b70 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!SetSystemCursor 
0000000075f70299 5 bytes JMP 0000000074fb8150 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!mouse_event 0000000075f7030f 5 bytes JMP 0000000074ed1a80 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075f70353 5 bytes JMP 0000000074ed19a0 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075f76d94 5 bytes JMP 0000000074fb52b0 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075f76df5 5 bytes JMP 0000000074fb57f0 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075f77e6f 5 bytes JMP 0000000074fb7340 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!PrintWindow 0000000075f788c3 5 bytes JMP 0000000074ecbcc0 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075f78983 5 bytes JMP 0000000074fb6b80 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000755558b3 5 bytes JMP 0000000074ecbdc0 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075555ea5 5 bytes JMP 0000000074eca4d0 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075557bcc 5 bytes JMP 0000000074eca200 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 000000007555ae82 5 bytes JMP 0000000074ecb740 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007555b98a 5 bytes JMP 0000000074ecbaf0 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007555bd7d 5 bytes JMP 0000000074eca870 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 000000007555c08c 1 byte JMP 0000000074ecb390 .text C:\Windows\system32\PnkBstrA.exe[4960] 
C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt + 2 000000007555c08e 3 bytes {JMP 0xffffffffff96f304} .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007555cf11 5 bytes JMP 0000000074ecac20 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007555e935 5 bytes JMP 0000000074eca3b0 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075584aa2 5 bytes JMP 0000000074ecafe0 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075701401 2 bytes JMP 7560b233 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075701419 2 bytes JMP 7560b35e C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075701431 2 bytes JMP 75689149 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007570144a 2 bytes CALL 755e4885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757014dd 2 bytes JMP 75688a42 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757014f5 2 bytes JMP 75688c18 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007570150d 2 bytes JMP 75688938 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075701525 2 bytes JMP 75688d02 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007570153d 2 bytes JMP 755ffcc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075701555 2 bytes JMP 75606907 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007570156d 2 bytes JMP 75689201 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075701585 2 bytes JMP 75688d62 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007570159d 2 bytes JMP 756888fc C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757015b5 2 bytes JMP 755ffd59 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757015cd 2 bytes JMP 7560b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 
00000000757016b2 2 bytes JMP 756890c4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757016bd 2 bytes JMP 75688891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000779af9f0 5 bytes JMP 0000000074fb2c50 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000779afb38 5 bytes JMP 0000000074fa83c0 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779afcc0 5 bytes JMP 0000000074fa7970 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779afd74 5 bytes JMP 0000000074fa9180 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779afdd8 5 bytes JMP 0000000074fa8760 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779afed0 5 bytes JMP 0000000074faac90 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000779aff84 5 bytes JMP 0000000074fa6be0 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779affb4 5 bytes JMP 0000000074fa8970 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779b0014 5 bytes JMP 0000000074fa7530 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779b0094 5 bytes JMP 0000000074fa7780 .text C:\Program 
Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779b00c4 5 bytes JMP 0000000074fa8d20 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779b03c8 5 bytes JMP 0000000074faa180 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000779b03e0 5 bytes JMP 0000000074faba50 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779b0560 5 bytes JMP 0000000074fab770 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779b06a4 5 bytes JMP 0000000074fa7b60 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000779b0704 5 bytes JMP 0000000074fabb60 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000779b07ac 5 bytes JMP 0000000074fa6ad0 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000779b07f4 5 bytes JMP 0000000074fabc70 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000779b0884 5 bytes JMP 0000000074fa6cf0 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779b089c 5 bytes JMP 0000000074faaf60 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779b08b4 5 bytes JMP 0000000074faa6b0 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] 
C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779b0e04 5 bytes JMP 0000000074fa7dd0 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779b0ee8 5 bytes JMP 0000000074fa81d0 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779b1bf4 5 bytes JMP 0000000074fa7fc0 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779b1cc4 5 bytes JMP 0000000074faab40 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779b1d9c 5 bytes JMP 0000000074fa85b0 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779cd2f6 7 bytes JMP 0000000074fb2ad0 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000755f3bbb 5 bytes JMP 0000000074ecedf0 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000755f9abc 5 bytes JMP 0000000074f9f260 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075603b7a 7 bytes JMP 0000000074f9fe20 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007560cd11 5 bytes JMP 0000000074f9ef50 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007565ddde 7 bytes JMP 0000000074f9f490 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] 
C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007565de81 7 bytes JMP 0000000074f9f7a0 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075d7f8a7 5 bytes JMP 0000000074fb2ab0 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075d82e0b 4 bytes CALL 6e510000 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075f18332 5 bytes JMP 0000000074fb3c20 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075f18bff 5 bytes JMP 0000000074fb4590 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000075f190d3 7 bytes JMP 0000000074fb3640 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075f19679 5 bytes JMP 0000000074fb4a80 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000075f197d2 5 bytes JMP 0000000074fb4ff0 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075f1ee21 5 bytes JMP 0000000074fb3810 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000075f1efe1 5 bytes JMP 0000000074fb7720 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!SetThreadDesktop 0000000075f202ae 5 bytes JMP 0000000074ed1480 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!PostMessageW 
0000000075f212bd 5 bytes JMP 0000000074fb40a0 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075f22797 5 bytes JMP 0000000074fb66b0 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075f23ef0 5 bytes JMP 0000000074fb6d60 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!SetParent 0000000075f245cc 5 bytes JMP 0000000074fb6f80 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075f2460c 5 bytes JMP 0000000074fb7940 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075f24713 5 bytes JMP 0000000074fb6920 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000075f247e5 5 bytes JMP 0000000074fb6410 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075f24bbc 5 bytes JMP 0000000074fb3e00 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075f24d1d 5 bytes JMP 0000000074fb4340 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000075f271e0 5 bytes JMP 0000000074fb3a40 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000075f271fe 5 bytes JMP 0000000074fb47e0 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075f27d59 7 bytes JMP 0000000074fb3460 .text C:\Program Files (x86)\Microsoft SQL 
Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075f281f5 5 bytes JMP 0000000074fb3140 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075f2825a 5 bytes JMP 0000000074fb5a80 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000075f282d2 5 bytes JMP 0000000074fb5550 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075f28411 5 bytes JMP 0000000074fb4d20 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075f28f4c 5 bytes JMP 0000000074fb2e80 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000075f2cc1e 5 bytes JMP 0000000074fb7170 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!ClipCursor 0000000075f2f2b3 5 bytes JMP 0000000074fb7d50 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075f3a072 5 bytes JMP 0000000074fb5d10 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075f3dbf5 5 bytes JMP 0000000074fb5f60 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!SendInput 0000000075f3ff2a 5 bytes JMP 0000000074ed1810 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000075f58e6f 5 bytes JMP 0000000074ed1b80 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] 
C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075f598b5 5 bytes JMP 0000000074fb7fb0 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075f59fa4 5 bytes JMP 0000000074ed1c10 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075f61533 5 bytes JMP 0000000074fb7b70 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075f70299 5 bytes JMP 0000000074fb8150 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!mouse_event 0000000075f7030f 5 bytes JMP 0000000074ed1a80 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075f70353 5 bytes JMP 0000000074ed19a0 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075f76d94 5 bytes JMP 0000000074fb52b0 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075f76df5 5 bytes JMP 0000000074fb57f0 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075f77e6f 5 bytes JMP 0000000074fb7340 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!PrintWindow 0000000075f788c3 5 bytes JMP 0000000074ecbcc0 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075f78983 5 bytes JMP 0000000074fb6b80 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000755558b3 5 bytes JMP 0000000074ecbdc0 
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075555ea5 5 bytes JMP 0000000074eca4d0 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075557bcc 5 bytes JMP 0000000074eca200 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 000000007555ae82 5 bytes JMP 0000000074ecb740 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007555b98a 5 bytes JMP 0000000074ecbaf0 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007555bd7d 5 bytes JMP 0000000074eca870 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 000000007555c08c 1 byte JMP 0000000074ecb390 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt + 2 000000007555c08e 3 bytes {JMP 0xffffffffff96f304} .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007555cf11 5 bytes JMP 0000000074ecac20 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007555e935 5 bytes JMP 0000000074eca3b0 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075584aa2 5 bytes JMP 0000000074ecafe0 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075701401 2 bytes JMP 7560b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] 
C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075701419 2 bytes JMP 7560b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075701431 2 bytes JMP 75689149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007570144a 2 bytes CALL 755e4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000757014dd 2 bytes JMP 75688a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000757014f5 2 bytes JMP 75688c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007570150d 2 bytes JMP 75688938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075701525 2 bytes JMP 75688d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007570153d 2 bytes JMP 755ffcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075701555 2 bytes JMP 75606907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007570156d 2 bytes JMP 75689201 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075701585 2 bytes JMP 75688d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007570159d 2 bytes JMP 756888fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000757015b5 2 bytes JMP 755ffd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000757015cd 2 bytes JMP 7560b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000757016b2 2 bytes JMP 756890c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4996] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000757016bd 2 bytes JMP 75688891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text C:\Program Files\Microsoft SQL 
Server\90\Shared\sqlwriter.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text C:\Program Files\Microsoft SQL 
Server\90\Shared\sqlwriter.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes JMP 000000006fff0f80 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text 
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefda26d10 11 bytes JMP 000007fefd0c0180 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[5028] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Windows\system32\svchost.exe[5104] 
C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 
000000006fff0c70 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Windows\system32\svchost.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text 
C:\Windows\system32\svchost.exe[5104] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Windows\system32\svchost.exe[5104] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefda26d10 11 bytes JMP 000007fefd0c0180 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text 
C:\Windows\system32\svchost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 
00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Windows\system32\svchost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000077692b60 13 bytes JMP 000000006fff0260 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000776a1870 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000776add20 5 bytes JMP 000000006ffe0228 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007771f6e0 8 bytes JMP 000000006fff0340 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007771f710 5 bytes JMP 
000000006fff02d0 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\system32\kernel32.dll!MoveFileW 000000007771f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007771f8e0 8 bytes JMP 000000006fff0308 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007771f910 10 bytes JMP 000000006fff0228 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\system32\kernel32.dll!MoveFileA 000000007771f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077725730 5 bytes JMP 000000006fff0298 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 
5 bytes JMP 000007fefe0b01f0 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Windows\system32\svchost.exe[3196] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefda26d10 11 bytes JMP 000007fefd0c0180 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 8 bytes JMP 000000006fff00d8 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 8 bytes JMP 000000006fff1140 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 8 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 8 bytes JMP 000000006fff0df8 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 
000000006fff1028 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 8 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 8 bytes JMP 000000006fff1178 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 8 bytes JMP 000000006fff0f48 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 
00000000777fd420 8 bytes JMP 000000006fff0f80 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Windows\system32\wbem\wmiprvse.exe[5168] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefda26d10 11 bytes JMP 
000007fefd0c0180 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000779af9f0 5 bytes JMP 0000000074fb2c50 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000779afb38 5 bytes JMP 0000000074fa83c0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779afcc0 5 bytes JMP 0000000074fa7970 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779afd74 5 bytes JMP 0000000074fa9180 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779afdd8 5 bytes JMP 0000000074fa8760 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779afed0 5 bytes JMP 0000000074faac90 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000779aff84 5 bytes JMP 0000000074fa6be0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779affb4 5 bytes JMP 0000000074fa8970 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779b0014 5 bytes JMP 0000000074fa7530 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779b0094 5 bytes JMP 0000000074fa7780 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779b00c4 5 bytes JMP 0000000074fa8d20 .text C:\Program Files\Intel\Intel(R) Rapid 
Storage Technology\IAStorIcon.exe[7060] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779b03c8 5 bytes JMP 0000000074faa180 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000779b03e0 5 bytes JMP 0000000074faba50 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779b0560 5 bytes JMP 0000000074fab770 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779b06a4 5 bytes JMP 0000000074fa7b60 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000779b0704 5 bytes JMP 0000000074fabb60 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000779b07ac 5 bytes JMP 0000000074fa6ad0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000779b07f4 5 bytes JMP 0000000074fabc70 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000779b0884 5 bytes JMP 0000000074fa6cf0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779b089c 5 bytes JMP 0000000074faaf60 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779b08b4 5 bytes JMP 0000000074faa6b0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779b0e04 5 bytes JMP 0000000074fa7dd0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] 
C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779b0ee8 5 bytes JMP 0000000074fa81d0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779b1bf4 5 bytes JMP 0000000074fa7fc0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779b1cc4 5 bytes JMP 0000000074faab40 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779b1d9c 5 bytes JMP 0000000074fa85b0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779cd2f6 7 bytes JMP 0000000074fb2ad0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 00000000755f3bbb 5 bytes JMP 0000000074ecedf0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressW 00000000755f9abc 5 bytes JMP 0000000074f9f260 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\KERNEL32.dll!CopyFileExW 0000000075603b7a 7 bytes JMP 0000000074f9fe20 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressA 000000007560cd11 5 bytes JMP 0000000074f9ef50 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\KERNEL32.dll!MoveFileTransactedA 000000007565ddde 7 bytes JMP 0000000074f9f490 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\KERNEL32.dll!MoveFileTransactedW 000000007565de81 7 bytes JMP 0000000074f9f7a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] 
C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075d7f8a7 5 bytes JMP 0000000074fb2ab0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075d82e0b 4 bytes CALL 6e0f0000 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075f18332 5 bytes JMP 0000000074fb3c20 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075f18bff 5 bytes JMP 0000000074fb4590 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000075f190d3 7 bytes JMP 0000000074fb3640 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075f19679 5 bytes JMP 0000000074fb4a80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000075f197d2 5 bytes JMP 0000000074fb4ff0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075f1ee21 5 bytes JMP 0000000074fb3810 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000075f1efe1 5 bytes JMP 0000000074fb7720 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!SetThreadDesktop 0000000075f202ae 5 bytes JMP 0000000074ed1480 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000075f212bd 5 bytes JMP 0000000074fb40a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] 
C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075f22797 5 bytes JMP 0000000074fb66b0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075f23ef0 5 bytes JMP 0000000074fb6d60 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!SetParent 0000000075f245cc 5 bytes JMP 0000000074fb6f80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075f2460c 5 bytes JMP 0000000074fb7940 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075f24713 5 bytes JMP 0000000074fb6920 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000075f247e5 5 bytes JMP 0000000074fb6410 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075f24bbc 5 bytes JMP 0000000074fb3e00 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075f24d1d 5 bytes JMP 0000000074fb4340 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000075f271e0 5 bytes JMP 0000000074fb3a40 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000075f271fe 5 bytes JMP 0000000074fb47e0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075f27d59 7 bytes JMP 0000000074fb3460 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075f281f5 
5 bytes JMP 0000000074fb3140 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075f2825a 5 bytes JMP 0000000074fb5a80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000075f282d2 5 bytes JMP 0000000074fb5550 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075f28411 5 bytes JMP 0000000074fb4d20 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075f28f4c 5 bytes JMP 0000000074fb2e80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000075f2cc1e 5 bytes JMP 0000000074fb7170 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!ClipCursor 0000000075f2f2b3 5 bytes JMP 0000000074fb7d50 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075f3a072 5 bytes JMP 0000000074fb5d10 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075f3dbf5 5 bytes JMP 0000000074fb5f60 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!SendInput 0000000075f3ff2a 5 bytes JMP 0000000074ed1810 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000075f58e6f 5 bytes JMP 0000000074ed1b80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075f598b5 5 bytes JMP 0000000074fb7fb0 .text 
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075f59fa4 5 bytes JMP 0000000074ed1c10 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075f61533 5 bytes JMP 0000000074fb7b70 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075f70299 5 bytes JMP 0000000074fb8150 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!mouse_event 0000000075f7030f 5 bytes JMP 0000000074ed1a80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075f70353 5 bytes JMP 0000000074ed19a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075f76d94 5 bytes JMP 0000000074fb52b0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075f76df5 5 bytes JMP 0000000074fb57f0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075f77e6f 5 bytes JMP 0000000074fb7340 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!PrintWindow 0000000075f788c3 5 bytes JMP 0000000074ecbcc0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075f78983 5 bytes JMP 0000000074fb6b80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000755558b3 5 bytes JMP 0000000074ecbdc0 .text C:\Program Files\Intel\Intel(R) Rapid Storage 
Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075555ea5 5 bytes JMP 0000000074eca4d0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075557bcc 5 bytes JMP 0000000074eca200 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 000000007555ae82 5 bytes JMP 0000000074ecb740 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007555b98a 5 bytes JMP 0000000074ecbaf0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007555bd7d 5 bytes JMP 0000000074eca870 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 000000007555c08c 1 byte JMP 0000000074ecb390 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt + 2 000000007555c08e 3 bytes {JMP 0xffffffffff96f304} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007555cf11 5 bytes JMP 0000000074ecac20 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007555e935 5 bytes JMP 0000000074eca3b0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075584aa2 5 bytes JMP 0000000074ecafe0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7060] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077109cbb 5 bytes JMP 0000000074fac3f0 .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text 
C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000777d76b1 11 bytes [B8, 50, 21, F2, FF, FF, 07, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000777e5121 7 bytes [B8, 64, 0D, F2, FF, FF, 07] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 00000000777e512a 2 bytes [50, C3] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 12 bytes JMP 000000006fff00d8 .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 12 bytes JMP 000000006fff1140 .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 00000000777fbf40 12 bytes [48, B8, BA, 20, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777fbf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000777fbfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000777fbfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 12 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777fc0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] 
.text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777fc0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777fc130 12 bytes [48, B8, A0, 1C, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 12 bytes JMP 000000006fff1098 .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777fc180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000777fc200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] 
.text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 12 bytes JMP 000000006fff0df8 .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 12 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000777fc750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] 
.text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 12 bytes JMP 000000006fff1178 .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 12 bytes JMP 000000006fff0f48 .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000777fccf0 12 bytes [48, B8, 24, 20, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000777fd060 12 bytes [48, B8, 52, 10, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777fd260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 00000000777fd3f0 12 bytes [48, B8, DE, 1A, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 12 bytes JMP 000000006fff0f80 .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777fd500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777fd510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] 
.text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007786e391 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd541861 11 bytes [B8, CE, 0C, F2, FF, FF, 07, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd543371 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd546401 11 bytes [B8, F8, 1E, F2, FF, FF, 07, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd546620 12 bytes [48, B8, CC, 1D, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd547901 11 bytes [B8, 62, 1E, F2, FF, FF, 07, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd548750 9 bytes [48, B8, 38, 0C, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 10 000007fefd54875a 2 bytes [50, C3] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd54a5c1 11 bytes [B8, 8E, 1F, F2, FF, FF, 07, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd54aa61 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd54c751 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd54ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd551c41 11 bytes [B8, A2, 0B, F2, FF, FF, 07, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd553291 11 bytes [B8, 74, 1B, F2, FF, FF, 07, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd5535a1 11 bytes [B8, 0A, 1C, F2, FF, FF, 07, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd559ac0 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd5738a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd57ff01 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd5822c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd5822ca 2 bytes [50, C3] .text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd582301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\SearchIndexer.exe[7588] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefda26d10 11 bytes JMP 000007fefd0c0180 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000777d2280 5 bytes JMP 000000006fff0110 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000777d76b1 11 bytes [B8, BA, 20, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000777e5121 7 bytes [B8, 64, 0D, F2, FF, FF, 07] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 00000000777e512a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 12 bytes JMP 000000006fff00d8 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 12 bytes JMP 000000006fff1140 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 00000000777fbf40 12 bytes [48, B8, 24, 20, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777fbf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000777fbfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000777fbfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] 
.text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 12 bytes JMP 000000006fff0ed8 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006fff1060 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000777fc0a0 8 bytes JMP 000000006fff0ff0 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777fc0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777fc0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777fc130 12 bytes [48, B8, 0A, 1C, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 8 bytes JMP 000000006fff1098 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777fc180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000777fc1b0 8 bytes JMP 000000006fff0d18 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000777fc1d0 8 bytes JMP 000000006fff0fb8 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000777fc200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] 
.text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 12 bytes JMP 000000006fff0df8 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777fc260 8 bytes JMP 000000006fff0e30 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006fff1028 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000777fc470 8 bytes JMP 000000006fff11b0 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 00000000777fc480 8 bytes JMP 000000006fff0ca8 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000777fc580 8 bytes JMP 000000006fff0c70 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 00000000777fc650 8 bytes JMP 000000006fff0f10 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000777fc690 8 bytes JMP 000000006fff0d50 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 12 bytes JMP 000000006fff0ce0 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 00000000777fc730 1 byte JMP 000000006fff0dc0 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 2 00000000777fc732 6 bytes {JMP 0xfffffffff87f4690} .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000777fc750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] 
.text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000777fc790 8 bytes JMP 000000006fff0d88 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 00000000777fc7a0 8 bytes JMP 000000006fff10d0 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 12 bytes JMP 000000006fff1178 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 12 bytes JMP 000000006fff0f48 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 00000000777fcbb0 8 bytes JMP 000000006fff1108 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000777fccf0 12 bytes [48, B8, 8E, 1F, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000777fd060 12 bytes [48, B8, 52, 10, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777fd260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 00000000777fd3f0 12 bytes [48, B8, 48, 1A, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 12 bytes JMP 000000006fff0f80 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000777fd4a0 8 bytes JMP 000000006fff0e68 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777fd500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777fd510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] 
.text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000777fd520 8 bytes JMP 000000006fff0ea0 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007786e391 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077691b21 11 bytes [B8, 02, 15, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077691c10 12 bytes [48, B8, 1E, 08, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000077692b60 12 bytes JMP 000000006fff0260 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000776a1870 5 bytes JMP 000000006fff0180 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000776add20 12 bytes JMP 000000006ffe0228 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000776b08c1 11 bytes [B8, 50, 21, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000776e54f1 11 bytes [B8, 90, 0E, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000776e5511 11 bytes [B8, FA, 0D, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000776fa830 12 bytes [48, B8, BC, 0F, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000776fa940 12 bytes [48, B8, 26, 0F, F2, FF, FF, ...] 
.text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW 000000007771f6e0 12 bytes JMP 000000006fff0340 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\kernel32.dll!MoveFileTransactedW 000000007771f710 5 bytes JMP 000000006fff02d0 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\kernel32.dll!MoveFileW 000000007771f7e0 10 bytes JMP 000000006fff01f0 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA 000000007771f8e0 12 bytes JMP 000000006fff0308 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\kernel32.dll!MoveFileExA 000000007771f910 12 bytes JMP 000000006fff0228 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\kernel32.dll!MoveFileA 000000007771f940 10 bytes JMP 000000006fff01b8 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\kernel32.dll!MoveFileTransactedA 0000000077725730 5 bytes JMP 000000006fff0298 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd541861 11 bytes [B8, CE, 0C, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd543371 11 bytes [B8, 6C, 14, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd546401 11 bytes [B8, 62, 1E, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd546620 12 bytes [48, B8, 36, 1D, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd547901 11 bytes [B8, CC, 1D, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd548750 9 bytes [48, B8, 38, 0C, F2, FF, FF, ...] 
.text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 10 000007fefd54875a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd54a5c1 11 bytes [B8, F8, 1E, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd54aa61 11 bytes [B8, D6, 13, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd54c751 11 bytes [B8, AA, 12, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\KERNELBASE.dll!OpenThread + 1 000007fefd54ef51 11 bytes [B8, E0, 09, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd551c41 11 bytes [B8, A2, 0B, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd553291 11 bytes [B8, DE, 1A, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\KERNELBASE.dll!DeleteFileA + 1 000007fefd5535a1 11 bytes [B8, 74, 1B, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd553a50 7 bytes JMP 000007fefd0c0148 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd559ac0 12 bytes [48, B8, 40, 13, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd5738a0 12 bytes [48, B8, 0C, 0B, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd57ff01 11 bytes [B8, 5A, 17, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd5822c1 8 bytes [B8, AC, 01, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd5822ca 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd582301 11 bytes [B8, 76, 0A, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1a22e0 5 bytes JMP 000007fefe0b02d0 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1a2390 5 bytes JMP 000007fefe0b0148 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\GDI32.dll!GdiAlphaBlend 000007fefe1a3e20 5 bytes JMP 000007fefe0b0260 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe1a7574 5 bytes JMP 000007fefe0b01b8 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe1a81f4 9 bytes JMP 000007fefe0b0110 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1a8824 9 bytes JMP 000007fefe0b00d8 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe1a8d7c 5 bytes JMP 000007fefe0b0298 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe1aaf35 11 bytes [B8, 7C, 22, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe1abab4 5 bytes JMP 000007fefe0b0180 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe1ac7b0 5 bytes JMP 000007fefe0b01f0 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\GDI32.dll!GdiTransparentBlt 000007fefe1b52c0 5 bytes JMP 000007fefe0b0228 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe1c4935 11 bytes [B8, A8, 23, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1c4955 11 bytes [B8, 3E, 24, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe1d9251 2 bytes [B8, D4] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\GDI32.dll!NamedEscape + 4 000007fefe1d9254 8 bytes [F2, FF, FF, 07, 00, 00, 50, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007fefd8aac21 11 bytes [B8, 1C, 41, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007fefd8aac7d 11 bytes [B8, 44, 3E, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007fefd8ae415 11 bytes [B8, C8, 42, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\ADVAPI32.dll!OpenServiceW 000007fefd8ae514 12 bytes [48, B8, 94, 38, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007fefd8b01bd 11 bytes [B8, DA, 3E, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007fefd8b0291 11 bytes [B8, 86, 40, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007fefd8b02bd 11 bytes [B8, B2, 41, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\ADVAPI32.dll!CloseServiceHandle 000007fefd8ba830 12 bytes [48, B8, 82, 3C, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefd8c4291 11 bytes [B8, 12, 23, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefd8c49b0 12 bytes [48, B8, AE, 3D, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007fefd8da409 7 bytes [B8, F0, 3F, F2, FF, FF, 07] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007fefd8da412 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefd8da490 12 bytes [48, B8, 18, 3D, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\ADVAPI32.dll!ControlServiceExW 000007fefd8da5e8 36 bytes [48, B8, C0, 39, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefd8da66c 12 bytes [48, B8, 56, 3B, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefda26d10 11 bytes JMP 000007fefd0c0180 .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdf513b1 11 bytes [B8, 0E, 48, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdf518e0 12 bytes [48, B8, 78, 47, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdf51bd1 11 bytes [B8, E2, 46, F2, FF, FF, 07, ...] 
.text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdf52201 11 bytes [B8, 66, 4A, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdf523c0 12 bytes [48, B8, 8A, 44, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\WS2_32.dll!connect 000007fefdf542f0 12 bytes [48, B8, F4, 43, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdf57cd1 11 bytes [B8, 4C, 46, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdf58ac0 8 bytes [48, B8, B6, 45, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdf58ac9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdf5be40 12 bytes [48, B8, 20, 45, F2, FF, FF, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdf5d911 11 bytes [B8, A4, 48, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdf5d9c1 11 bytes [B8, D0, 49, F2, FF, FF, 07, ...] .text C:\Windows\system32\svchost.exe[7704] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdf7e081 11 bytes [B8, 3A, 49, F2, FF, FF, 07, ...] 
.text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000779af9f0 5 bytes JMP 0000000074fb2c50 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000779afb38 5 bytes JMP 0000000074fa83c0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000779afbb8 5 bytes JMP 000000007ef20986 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000779afc30 5 bytes JMP 000000007ef203f2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000779afc60 5 bytes JMP 000000007ef20018 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000779afc90 5 bytes JMP 000000007ef2003a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779afcc0 5 bytes JMP 0000000074fa7970 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779afd74 5 bytes JMP 0000000074fa9180 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779afdd8 5 bytes JMP 0000000074fa8760 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000779afe24 5 bytes JMP 000000007ef203ae .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000779afe54 5 bytes JMP 000000007ef20436 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000779afeb8 5 bytes JMP 000000007ef20898 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] 
C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779afed0 5 bytes JMP 0000000074faac90 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000779aff34 5 bytes JMP 000000007ef20414 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000779aff84 5 bytes JMP 0000000074fa6be0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779affb4 5 bytes JMP 0000000074fa8970 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000779afffc 5 bytes JMP 000000007ef2036a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779b0014 5 bytes JMP 0000000074fa7530 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779b0094 5 bytes JMP 0000000074fa7780 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779b00c4 5 bytes JMP 0000000074fa8d20 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000779b01d4 5 bytes JMP 000000007ef201b0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779b03c8 5 bytes JMP 0000000074faa180 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000779b03e0 5 bytes JMP 0000000074faba50 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779b0560 5 bytes JMP 0000000074fab770 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779b06a4 5 bytes JMP 0000000074fa7b60 .text 
C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000779b0704 5 bytes JMP 0000000074fabb60 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000779b07ac 5 bytes JMP 0000000074fa6ad0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000779b07f4 5 bytes JMP 0000000074fabc70 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000779b0824 5 bytes JMP 000000007ef20348 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000779b0884 5 bytes JMP 0000000074fa6cf0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779b089c 5 bytes JMP 0000000074faaf60 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779b08b4 5 bytes JMP 0000000074faa6b0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779b0e04 5 bytes JMP 0000000074fa7dd0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779b0ee8 5 bytes JMP 0000000074fa81d0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000779b10d0 5 bytes JMP 000000007ef20964 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000779b1614 5 bytes JMP 000000007ef205f0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779b1930 5 bytes JMP 000000007ef203d0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] 
C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject 00000000779b1bac 5 bytes JMP 000000007ef20832 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779b1bf4 5 bytes JMP 0000000074fa7fc0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779b1cc4 5 bytes JMP 0000000074faab40 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000779b1d64 5 bytes JMP 000000007ef2047a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000779b1d80 5 bytes JMP 000000007ef20458 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779b1d9c 5 bytes JMP 0000000074fa85b0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000779c2954 5 bytes JMP 000000007ef200c2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000779c8ee1 5 bytes JMP 000000007ef209a8 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779cd2f6 7 bytes JMP 0000000074fb2ad0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000779f005b 5 bytes JMP 000000007ef2016c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077a38757 5 bytes JMP 000000007ef20612 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077a3e9f7 5 bytes JMP 000000007ef2014a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000755e0e00 
5 bytes JMP 000000007ef200e4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000755e1072 5 bytes JMP 000000007ef202c0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755e4977 5 bytes JMP 000000007ef20238 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000755f3bbb 5 bytes JMP 0000000074ecedf0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000755f9abc 5 bytes JMP 0000000074f9f260 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\kernel32.dll!MoveFileExW 00000000755f9b1d 5 bytes JMP 000000007ef207aa .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075603b7a 7 bytes JMP 0000000074f9fe20 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 000000007560733f 5 bytes JMP 000000007ef2025a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000756088f2 5 bytes JMP 000000007ef206de .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007560ccf1 5 bytes JMP 000000007ef20788 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007560cd11 5 bytes JMP 0000000074f9ef50 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007565ddde 7 bytes JMP 0000000074f9f490 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007565de81 7 bytes JMP 0000000074f9f7a0 .text C:\Program Files 
(x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075663231 3 bytes JMP 000000007ef2029e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\kernel32.dll!WinExec + 4 0000000075663235 1 byte [09] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 000000007568773b 5 bytes JMP 000000007ef20568 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 000000007568775e 5 bytes JMP 000000007ef2058a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075687b09 5 bytes JMP 000000007ef205ac .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 0000000075687b82 5 bytes JMP 000000007ef205ce .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075d78fa5 5 bytes JMP 000000007ef200a0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075d7c558 5 bytes JMP 000000007ef20546 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075d7edc6 5 bytes JMP 000000007ef204e0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075d7f329 5 bytes JMP 000000007ef201d2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075d7f8a7 5 bytes JMP 0000000074fb2ab0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075d7fbac 5 bytes JMP 000000007ef20106 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] 
C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075d7fcda 5 bytes JMP 000000007ef20766 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075d8147b 5 bytes JMP 000000007ef20524 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075d814a2 5 bytes JMP 000000007ef20502 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075d81e4c 5 bytes JMP 000000007ef2007e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075d81f38 5 bytes JMP 000000007ef20216 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075d82bdc 5 bytes JMP 000000007ef2069a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075d82e0b 4 bytes CALL 6f610000 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075d82e40 5 bytes JMP 000000007ef20678 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075d82e7e 5 bytes JMP 000000007ef206bc .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075d82fe1 5 bytes JMP 000000007ef2005c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 0000000075d8396a 5 bytes JMP 000000007ef2049c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075d83cd7 5 bytes JMP 000000007ef2018e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075d845fd 5 bytes JMP 
000000007ef201f4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075d8476f 5 bytes JMP 000000007ef204be .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075d84798 5 bytes JMP 000000007ef202e2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000075d89dcf 5 bytes JMP 000000007ef20854 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 0000000075d8a11c 5 bytes JMP 000000007ef20876 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075d8a37a 5 bytes JMP 000000007ef208fe .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!FindClose 0000000075d8a589 5 bytes JMP 000000007ef20920 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075d8a663 5 bytes JMP 000000007ef208dc .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075d8c8a8 5 bytes JMP 000000007ef2027c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075d8e414 5 bytes JMP 000000007ef20942 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000075f16ffe 5 bytes JMP 000000007ef2115c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075f178e2 5 bytes JMP 000000007ef20ed6 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075f17bd3 5 bytes JMP 000000007ef20eb4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] 
C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075f18332 5 bytes JMP 0000000074fb3c20 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075f18a29 5 bytes JMP 000000007ef20f80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075f18bff 5 bytes JMP 0000000074fb4590 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000075f190d3 7 bytes JMP 0000000074fb3640 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075f19679 5 bytes JMP 0000000074fb4a80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000075f197d2 5 bytes JMP 0000000074fb4ff0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000075f198fd 5 bytes JMP 000000007ef210f6 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000075f1b6fa 5 bytes JMP 000000007ef209ca .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000075f1d166 5 bytes JMP 000000007ef2113a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075f1d23e 5 bytes JMP 000000007ef20fa2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075f1ee21 5 bytes JMP 0000000074fb3810 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000075f1efe1 5 bytes JMP 0000000074fb7720 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000075f1fffe 5 bytes JMP 000000007ef210b2 
.text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000075f200f1 5 bytes JMP 000000007ef210d4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!SetThreadDesktop 0000000075f202ae 5 bytes JMP 0000000074ed1480 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075f205d2 5 bytes JMP 000000007ef20f1a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000075f20e13 3 bytes JMP 000000007ef20fc4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!ShowWindow + 4 0000000075f20e17 1 byte [09] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000075f212bd 5 bytes JMP 0000000074fb40a0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000075f21f14 5 bytes JMP 000000007ef21090 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075f22797 5 bytes JMP 0000000074fb66b0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075f2392d 5 bytes JMP 000000007ef20f5e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000075f2398a 5 bytes JMP 000000007ef21118 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075f23ef0 5 bytes JMP 0000000074fb6d60 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!SetParent 0000000075f245cc 5 bytes JMP 0000000074fb6f80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075f2460c 5 bytes JMP 
0000000074fb7940 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075f24713 5 bytes JMP 0000000074fb6920 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000075f247e5 5 bytes JMP 0000000074fb6410 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075f24bbc 5 bytes JMP 0000000074fb3e00 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075f24d1d 5 bytes JMP 0000000074fb4340 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075f27044 5 bytes JMP 000000007ef20ef8 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000075f271e0 5 bytes JMP 0000000074fb3a40 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000075f271fe 5 bytes JMP 0000000074fb47e0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075f27355 5 bytes JMP 000000007ef20f3c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075f27d59 7 bytes JMP 0000000074fb3460 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075f281f5 5 bytes JMP 0000000074fb3140 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075f2825a 5 bytes JMP 0000000074fb5a80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000075f282d2 5 bytes JMP 0000000074fb5550 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] 
C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075f28411 5 bytes JMP 0000000074fb4d20 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000075f286de 5 bytes JMP 000000007ef2106e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075f28f4c 5 bytes JMP 0000000074fb2e80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000075f2cc1e 5 bytes JMP 0000000074fb7170 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!ClipCursor 0000000075f2f2b3 5 bytes JMP 0000000074fb7d50 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075f3a072 5 bytes JMP 0000000074fb5d10 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000075f3d954 5 bytes JMP 000000007ef21008 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075f3dbf5 5 bytes JMP 0000000074fb5f60 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!SendInput 0000000075f3ff2a 5 bytes JMP 0000000074ed1810 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000075f41080 5 bytes JMP 000000007ef20fe6 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000075f58e6f 5 bytes JMP 0000000074ed1b80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075f598b5 5 bytes JMP 0000000074fb7fb0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075f59fa4 5 bytes 
JMP 0000000074ed1c10 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075f61533 5 bytes JMP 0000000074fb7b70 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000075f6fd66 5 bytes JMP 000000007ef2102a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000075f6fd8a 5 bytes JMP 000000007ef2104c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075f70299 5 bytes JMP 0000000074fb8150 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!mouse_event 0000000075f7030f 5 bytes JMP 0000000074ed1a80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075f70353 5 bytes JMP 0000000074ed19a0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075f76d94 5 bytes JMP 0000000074fb52b0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075f76df5 5 bytes JMP 0000000074fb57f0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075f77e6f 5 bytes JMP 0000000074fb7340 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!PrintWindow 0000000075f788c3 5 bytes JMP 0000000074ecbcc0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075f78983 5 bytes JMP 0000000074fb6b80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000755558b3 5 bytes JMP 0000000074ecbdc0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] 
C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075555ea5 5 bytes JMP 0000000074eca4d0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 000000007555633b 5 bytes JMP 000000007ef209ec .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075557bcc 5 bytes JMP 0000000074eca200 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 000000007555ae82 5 bytes JMP 0000000074ecb740 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007555b98a 5 bytes JMP 0000000074ecbaf0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007555bd7d 5 bytes JMP 0000000074eca870 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 000000007555c08c 1 byte JMP 0000000074ecb390 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt + 2 000000007555c08e 3 bytes {JMP 0xffffffffff96f304} .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007555cf11 5 bytes JMP 0000000074ecac20 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007555e935 5 bytes JMP 0000000074eca3b0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 000000007557872d 5 bytes JMP 000000007ef20b40 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 000000007557874c 5 bytes JMP 000000007ef20b62 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000075584222 5 bytes JMP 000000007ef20b84 .text C:\Program Files 
(x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075584aa2 5 bytes JMP 0000000074ecafe0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007735a472 5 bytes JMP 000000007ef20a0e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000773627ce 5 bytes JMP 000000007ef20b1e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007736e6cf 5 bytes JMP 000000007ef20afc .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075e18e69 5 bytes JMP 000000007ef20d60 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075e19159 5 bytes JMP 000000007ef20d1c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075e19166 5 bytes JMP 000000007ef20dc6 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000075e1c4b2 5 bytes JMP 000000007ef20e2c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000075e1c9cc 5 bytes JMP 000000007ef20bc8 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000075e1de94 5 bytes JMP 000000007ef20d3e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000075e1deb6 5 bytes JMP 000000007ef20e0a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000075e1dece 5 bytes JMP 000000007ef20da4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000075e1defe 5 
bytes JMP 000000007ef20de8 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000075e22b38 5 bytes JMP 000000007ef20ba6 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000075e235e4 5 bytes JMP 000000007ef20cb6 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000075e24939 5 bytes JMP 000000007ef20a30 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000075e370a4 5 bytes JMP 000000007ef20cfa .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000075e370bc 5 bytes JMP 000000007ef20c2e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000075e370d4 5 bytes JMP 000000007ef20c50 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000075e3771b 5 bytes JMP 000000007ef20d82 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000075e533a4 5 bytes JMP 000000007ef20c72 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075e533b4 5 bytes JMP 000000007ef20c94 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000075e533c4 5 bytes JMP 000000007ef20bea .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000075e533d4 5 bytes JMP 000000007ef20c0c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075e53414 5 bytes JMP 000000007ef20cd8 .text C:\Program Files 
(x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000076020179 5 bytes JMP 000000007ef21206 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075701401 2 bytes JMP 7560b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075701419 2 bytes JMP 7560b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075701431 2 bytes JMP 75689149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007570144a 2 bytes CALL 755e4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757014dd 2 bytes JMP 75688a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757014f5 2 bytes JMP 75688c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007570150d 2 bytes JMP 75688938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075701525 2 bytes JMP 75688d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007570153d 2 bytes JMP 755ffcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 
0000000075701555 2 bytes JMP 75606907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007570156d 2 bytes JMP 75689201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075701585 2 bytes JMP 75688d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007570159d 2 bytes JMP 756888fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757015b5 2 bytes JMP 755ffd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757015cd 2 bytes JMP 7560b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757016b2 2 bytes JMP 756890c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757016bd 2 bytes JMP 75688891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075d33918 5 bytes JMP 000000007ef21316 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000075d33cd3 5 bytes JMP 000000007ef212f4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\WS2_32.dll!socket 0000000075d33eb8 5 bytes JMP 000000007ef21338 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075d34406 5 bytes 
JMP 000000007ef2124a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000075d34889 5 bytes JMP 000000007ef2128e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\WS2_32.dll!recv 0000000075d36826 5 bytes JMP 000000007ef2137c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\WS2_32.dll!connect 0000000075d368f5 5 bytes JMP 000000007ef2126c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\WS2_32.dll!send 0000000075d36c19 5 bytes JMP 000000007ef21228 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000075d36da1 5 bytes JMP 000000007ef2139e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 0000000075d3a6db 5 bytes JMP 000000007ef212b0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000075d3bcd5 5 bytes JMP 000000007ef2135a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075d4771b 5 bytes JMP 000000007ef212d2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\urlmon.dll!CreateUri + 128 00000000752e2b70 5 bytes JMP 000000007ef20a96 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\urlmon.dll!URLDownloadToCacheFileW 00000000752f9030 5 bytes JMP 000000007ef21404 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 00000000752f95d0 5 bytes JMP 000000007ef213c0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 000000007539c650 5 bytes JMP 000000007ef213e2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe[1076] C:\Windows\syswow64\ole32.DLL!CoCreateInstance 
0000000077109cbb 5 bytes JMP 0000000074fac3f0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000779af9f0 5 bytes JMP 0000000074fb2c50 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000779afb38 5 bytes JMP 0000000074fa83c0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000779afbb8 5 bytes JMP 000000007ef20986 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000779afc30 5 bytes JMP 000000007ef203f2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000779afc60 5 bytes JMP 000000007ef20018 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000779afc90 5 bytes JMP 000000007ef2003a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779afcc0 5 bytes JMP 0000000074fa7970 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779afd74 5 bytes JMP 0000000074fa9180 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779afdd8 5 bytes JMP 0000000074fa8760 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000779afe24 5 bytes JMP 000000007ef203ae .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000779afe54 5 bytes JMP 000000007ef20436 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000779afeb8 5 
bytes JMP 000000007ef20898 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779afed0 5 bytes JMP 0000000074faac90 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000779aff34 5 bytes JMP 000000007ef20414 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000779aff84 5 bytes JMP 0000000074fa6be0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779affb4 5 bytes JMP 0000000074fa8970 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000779afffc 5 bytes JMP 000000007ef2036a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779b0014 5 bytes JMP 0000000074fa7530 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779b0094 5 bytes JMP 0000000074fa7780 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779b00c4 5 bytes JMP 0000000074fa8d20 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000779b01d4 5 bytes JMP 000000007ef201b0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779b03c8 5 bytes JMP 0000000074faa180 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000779b03e0 5 bytes JMP 0000000074faba50 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779b0560 5 bytes JMP 
0000000074fab770 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779b06a4 5 bytes JMP 0000000074fa7b60 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000779b0704 5 bytes JMP 0000000074fabb60 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000779b07ac 5 bytes JMP 0000000074fa6ad0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000779b07f4 5 bytes JMP 0000000074fabc70 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000779b0824 5 bytes JMP 000000007ef20348 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000779b0884 5 bytes JMP 0000000074fa6cf0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779b089c 5 bytes JMP 0000000074faaf60 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779b08b4 5 bytes JMP 0000000074faa6b0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779b0e04 5 bytes JMP 0000000074fa7dd0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779b0ee8 5 bytes JMP 0000000074fa81d0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000779b10d0 5 bytes JMP 000000007ef20964 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000779b1614 5 bytes JMP 
000000007ef205f0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779b1930 5 bytes JMP 000000007ef203d0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject 00000000779b1bac 5 bytes JMP 000000007ef20832 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779b1bf4 5 bytes JMP 0000000074fa7fc0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779b1cc4 5 bytes JMP 0000000074faab40 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000779b1d64 5 bytes JMP 000000007ef2047a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000779b1d80 5 bytes JMP 000000007ef20458 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779b1d9c 5 bytes JMP 0000000074fa85b0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000779c2954 5 bytes JMP 000000007ef200c2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000779c8ee1 5 bytes JMP 000000007ef209a8 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779cd2f6 7 bytes JMP 0000000074fb2ad0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000779f005b 5 bytes JMP 000000007ef2016c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077a38757 5 
bytes JMP 000000007ef20612 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077a3e9f7 5 bytes JMP 000000007ef2014a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000755e0e00 5 bytes JMP 000000007ef200e4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000755e1072 5 bytes JMP 000000007ef202c0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755e4977 5 bytes JMP 000000007ef20238 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000755f3bbb 5 bytes JMP 0000000074ecedf0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000755f9abc 5 bytes JMP 0000000074f9f260 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\kernel32.dll!MoveFileExW 00000000755f9b1d 5 bytes JMP 000000007ef207aa .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075603b7a 7 bytes JMP 0000000074f9fe20 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 000000007560733f 5 bytes JMP 000000007ef2025a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000756088f2 5 bytes JMP 000000007ef206de .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007560ccf1 5 bytes JMP 000000007ef20788 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] 
C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007560cd11 5 bytes JMP 0000000074f9ef50 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007565ddde 7 bytes JMP 0000000074f9f490 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007565de81 7 bytes JMP 0000000074f9f7a0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075663231 3 bytes JMP 000000007ef2029e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\kernel32.dll!WinExec + 4 0000000075663235 1 byte [09] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 000000007568773b 5 bytes JMP 000000007ef20568 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 000000007568775e 5 bytes JMP 000000007ef2058a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075687b09 5 bytes JMP 000000007ef205ac .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 0000000075687b82 5 bytes JMP 000000007ef205ce .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075d78fa5 5 bytes JMP 000000007ef200a0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075d7c558 5 bytes JMP 000000007ef20546 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075d7edc6 5 bytes JMP 000000007ef204e0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] 
C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075d7f329 5 bytes JMP 000000007ef201d2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075d7f8a7 5 bytes JMP 0000000074fb2ab0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075d7fbac 5 bytes JMP 000000007ef20106 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075d7fcda 5 bytes JMP 000000007ef20766 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075d8147b 5 bytes JMP 000000007ef20524 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075d814a2 5 bytes JMP 000000007ef20502 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075d81e4c 5 bytes JMP 000000007ef2007e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075d81f38 5 bytes JMP 000000007ef20216 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075d82bdc 5 bytes JMP 000000007ef2069a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075d82e0b 4 bytes CALL 6ef80000 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075d82e40 5 bytes JMP 000000007ef20678 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075d82e7e 5 bytes JMP 000000007ef206bc .text C:\Program Files 
(x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075d82fe1 5 bytes JMP 000000007ef2005c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 0000000075d8396a 5 bytes JMP 000000007ef2049c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075d83cd7 5 bytes JMP 000000007ef2018e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075d845fd 5 bytes JMP 000000007ef201f4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075d8476f 5 bytes JMP 000000007ef204be .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075d84798 5 bytes JMP 000000007ef202e2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000075d89dcf 5 bytes JMP 000000007ef20854 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 0000000075d8a11c 5 bytes JMP 000000007ef20876 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075d8a37a 5 bytes JMP 000000007ef208fe .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\KERNELBASE.dll!FindClose 0000000075d8a589 5 bytes JMP 000000007ef20920 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075d8a663 5 bytes JMP 000000007ef208dc .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075d8c8a8 5 bytes JMP 000000007ef2027c .text C:\Program Files 
(x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075d8e414 5 bytes JMP 000000007ef20942 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075e18e69 5 bytes JMP 000000007ef20cfa .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075e19159 5 bytes JMP 000000007ef20cb6 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075e19166 5 bytes JMP 000000007ef20d60 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000075e1c4b2 5 bytes JMP 000000007ef20dc6 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000075e1c9cc 5 bytes JMP 000000007ef20b62 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000075e1de94 5 bytes JMP 000000007ef20cd8 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000075e1deb6 5 bytes JMP 000000007ef20da4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000075e1dece 5 bytes JMP 000000007ef20d3e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000075e1defe 5 bytes JMP 000000007ef20d82 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000075e22b38 5 bytes JMP 000000007ef20b40 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000075e235e4 5 bytes JMP 000000007ef20c50 .text 
C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000075e24939 5 bytes JMP 000000007ef209ca .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000075e370a4 5 bytes JMP 000000007ef20c94 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000075e370bc 5 bytes JMP 000000007ef20bc8 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000075e370d4 5 bytes JMP 000000007ef20bea .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000075e3771b 5 bytes JMP 000000007ef20d1c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000075e533a4 5 bytes JMP 000000007ef20c0c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075e533b4 5 bytes JMP 000000007ef20c2e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000075e533c4 5 bytes JMP 000000007ef20b84 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000075e533d4 5 bytes JMP 000000007ef20ba6 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075e53414 5 bytes JMP 000000007ef20c72 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007735a472 5 bytes JMP 000000007ef209ec .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000773627ce 5 bytes JMP 000000007ef20b1e .text 
C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007736e6cf 5 bytes JMP 000000007ef20afc .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000075f16ffe 5 bytes JMP 000000007ef2115c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075f178e2 5 bytes JMP 000000007ef20ed6 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075f17bd3 5 bytes JMP 000000007ef20eb4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075f18332 5 bytes JMP 0000000074fb3c20 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075f18a29 5 bytes JMP 000000007ef20f80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075f18bff 5 bytes JMP 0000000074fb4590 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000075f190d3 7 bytes JMP 0000000074fb3640 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075f19679 5 bytes JMP 0000000074fb4a80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000075f197d2 5 bytes JMP 0000000074fb4ff0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000075f198fd 5 bytes JMP 000000007ef210f6 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000075f1b6fa 5 bytes JMP 000000007ef20a0e .text C:\Program Files 
(x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000075f1d166 5 bytes JMP 000000007ef2113a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075f1d23e 5 bytes JMP 000000007ef20fa2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075f1ee21 5 bytes JMP 0000000074fb3810 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000075f1efe1 5 bytes JMP 0000000074fb7720 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000075f1fffe 5 bytes JMP 000000007ef210b2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000075f200f1 5 bytes JMP 000000007ef210d4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!SetThreadDesktop 0000000075f202ae 5 bytes JMP 0000000074ed1480 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075f205d2 5 bytes JMP 000000007ef20f1a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000075f20e13 3 bytes JMP 000000007ef20fc4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!ShowWindow + 4 0000000075f20e17 1 byte [09] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000075f212bd 5 bytes JMP 0000000074fb40a0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000075f21f14 5 bytes JMP 000000007ef21090 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] 
C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075f22797 5 bytes JMP 0000000074fb66b0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075f2392d 5 bytes JMP 000000007ef20f5e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000075f2398a 5 bytes JMP 000000007ef21118 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075f23ef0 5 bytes JMP 0000000074fb6d60 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!SetParent 0000000075f245cc 5 bytes JMP 0000000074fb6f80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075f2460c 5 bytes JMP 0000000074fb7940 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075f24713 5 bytes JMP 0000000074fb6920 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000075f247e5 5 bytes JMP 0000000074fb6410 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075f24bbc 5 bytes JMP 0000000074fb3e00 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075f24d1d 5 bytes JMP 0000000074fb4340 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075f27044 5 bytes JMP 000000007ef20ef8 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000075f271e0 5 bytes JMP 0000000074fb3a40 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] 
C:\Windows\syswow64\USER32.dll!SendMessageA 0000000075f271fe 5 bytes JMP 0000000074fb47e0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075f27355 5 bytes JMP 000000007ef20f3c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075f27d59 7 bytes JMP 0000000074fb3460 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075f281f5 5 bytes JMP 0000000074fb3140 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075f2825a 5 bytes JMP 0000000074fb5a80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000075f282d2 5 bytes JMP 0000000074fb5550 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075f28411 5 bytes JMP 0000000074fb4d20 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000075f286de 5 bytes JMP 000000007ef2106e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075f28f4c 5 bytes JMP 0000000074fb2e80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000075f2cc1e 5 bytes JMP 0000000074fb7170 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!ClipCursor 0000000075f2f2b3 5 bytes JMP 0000000074fb7d50 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075f3a072 5 bytes JMP 0000000074fb5d10 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] 
C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000075f3d954 5 bytes JMP 000000007ef21008 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075f3dbf5 5 bytes JMP 0000000074fb5f60 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!SendInput 0000000075f3ff2a 5 bytes JMP 0000000074ed1810 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000075f41080 5 bytes JMP 000000007ef20fe6 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000075f58e6f 5 bytes JMP 0000000074ed1b80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075f598b5 5 bytes JMP 0000000074fb7fb0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075f59fa4 5 bytes JMP 0000000074ed1c10 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075f61533 5 bytes JMP 0000000074fb7b70 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000075f6fd66 5 bytes JMP 000000007ef2102a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000075f6fd8a 5 bytes JMP 000000007ef2104c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075f70299 5 bytes JMP 0000000074fb8150 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!mouse_event 0000000075f7030f 5 bytes JMP 0000000074ed1a80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] 
C:\Windows\syswow64\USER32.dll!keybd_event 0000000075f70353 5 bytes JMP 0000000074ed19a0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075f76d94 5 bytes JMP 0000000074fb52b0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075f76df5 5 bytes JMP 0000000074fb57f0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075f77e6f 5 bytes JMP 0000000074fb7340 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!PrintWindow 0000000075f788c3 5 bytes JMP 0000000074ecbcc0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075f78983 5 bytes JMP 0000000074fb6b80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000755558b3 5 bytes JMP 0000000074ecbdc0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075555ea5 5 bytes JMP 0000000074eca4d0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 000000007555633b 5 bytes JMP 000000007ef20a30 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075557bcc 5 bytes JMP 0000000074eca200 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 000000007555ae82 5 bytes JMP 0000000074ecb740 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007555b98a 5 bytes JMP 0000000074ecbaf0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\GDI32.dll!StretchBlt 
000000007555bd7d 5 bytes JMP 0000000074eca870 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 000000007555c08c 1 byte JMP 0000000074ecb390 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt + 2 000000007555c08e 3 bytes {JMP 0xffffffffff96f304} .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007555cf11 5 bytes JMP 0000000074ecac20 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007555e935 5 bytes JMP 0000000074eca3b0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 000000007557872d 5 bytes JMP 000000007ef20de8 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 000000007557874c 5 bytes JMP 000000007ef20e0a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000075584222 5 bytes JMP 000000007ef20e2c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075584aa2 5 bytes JMP 0000000074ecafe0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075701401 2 bytes JMP 7560b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075701419 2 bytes JMP 7560b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075701431 2 bytes JMP 75689149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient 
Helper.exe[8208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007570144a 2 bytes CALL 755e4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757014dd 2 bytes JMP 75688a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757014f5 2 bytes JMP 75688c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007570150d 2 bytes JMP 75688938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075701525 2 bytes JMP 75688d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007570153d 2 bytes JMP 755ffcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075701555 2 bytes JMP 75606907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007570156d 2 bytes JMP 75689201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075701585 2 bytes JMP 75688d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007570159d 2 bytes JMP 756888fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient 
Helper.exe[8208] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757015b5 2 bytes JMP 755ffd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757015cd 2 bytes JMP 7560b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757016b2 2 bytes JMP 756890c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757016bd 2 bytes JMP 75688891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075d33918 5 bytes JMP 000000007ef212f4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000075d33cd3 5 bytes JMP 000000007ef212d2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\WS2_32.dll!socket 0000000075d33eb8 5 bytes JMP 000000007ef21316 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075d34406 5 bytes JMP 000000007ef21228 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000075d34889 5 bytes JMP 000000007ef2126c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\WS2_32.dll!recv 0000000075d36826 5 bytes JMP 000000007ef2135a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\WS2_32.dll!connect 0000000075d368f5 5 bytes JMP 000000007ef2124a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\WS2_32.dll!send 0000000075d36c19 5 bytes JMP 
000000007ef21206 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000075d36da1 5 bytes JMP 000000007ef2137c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 0000000075d3a6db 5 bytes JMP 000000007ef2128e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000075d3bcd5 5 bytes JMP 000000007ef21338 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075d4771b 5 bytes JMP 000000007ef212b0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\urlmon.dll!CreateUri + 128 00000000752e2b70 1 byte JMP 000000007ef20a74 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\urlmon.dll!CreateUri + 130 00000000752e2b72 3 bytes {JMP 0x9c3df04} .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\urlmon.dll!URLDownloadToCacheFileW 00000000752f9030 5 bytes JMP 000000007ef213e2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 00000000752f95d0 5 bytes JMP 000000007ef2139e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 000000007539c650 5 bytes JMP 000000007ef213c0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\ole32.DLL!CoCreateInstance 0000000077109cbb 5 bytes JMP 0000000074fac3f0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8208] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000076020179 5 bytes JMP 000000007ef2146a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000779af9f0 5 bytes JMP 0000000074fb2c50 .text C:\Program 
Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000779afb38 5 bytes JMP 0000000074fa83c0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000779afbb8 5 bytes JMP 000000007ef20986 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000779afc30 5 bytes JMP 000000007ef203f2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000779afc60 5 bytes JMP 000000007ef20018 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000779afc90 5 bytes JMP 000000007ef2003a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779afcc0 5 bytes JMP 0000000074fa7970 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779afd74 5 bytes JMP 0000000074fa9180 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779afdd8 5 bytes JMP 0000000074fa8760 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000779afe24 5 bytes JMP 000000007ef203ae .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000779afe54 5 bytes JMP 000000007ef20436 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000779afeb8 5 bytes JMP 000000007ef20898 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779afed0 5 bytes JMP 0000000074faac90 .text C:\Program 
Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000779aff34 5 bytes JMP 000000007ef20414 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000779aff84 5 bytes JMP 0000000074fa6be0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779affb4 5 bytes JMP 0000000074fa8970 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000779afffc 5 bytes JMP 000000007ef2036a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779b0014 5 bytes JMP 0000000074fa7530 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779b0094 5 bytes JMP 0000000074fa7780 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779b00c4 5 bytes JMP 0000000074fa8d20 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000779b01d4 5 bytes JMP 000000007ef201b0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779b03c8 5 bytes JMP 0000000074faa180 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000779b03e0 5 bytes JMP 0000000074faba50 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779b0560 5 bytes JMP 0000000074fab770 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779b06a4 5 bytes JMP 0000000074fa7b60 .text C:\Program Files 
(x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000779b0704 5 bytes JMP 0000000074fabb60 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000779b07ac 5 bytes JMP 0000000074fa6ad0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000779b07f4 5 bytes JMP 0000000074fabc70 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000779b0824 5 bytes JMP 000000007ef20348 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000779b0884 5 bytes JMP 0000000074fa6cf0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779b089c 5 bytes JMP 0000000074faaf60 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779b08b4 5 bytes JMP 0000000074faa6b0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779b0e04 5 bytes JMP 0000000074fa7dd0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779b0ee8 5 bytes JMP 0000000074fa81d0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000779b10d0 5 bytes JMP 000000007ef20964 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000779b1614 5 bytes JMP 000000007ef205f0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779b1930 5 bytes JMP 000000007ef203d0 .text C:\Program Files 
(x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject 00000000779b1bac 5 bytes JMP 000000007ef20832 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779b1bf4 5 bytes JMP 0000000074fa7fc0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779b1cc4 5 bytes JMP 0000000074faab40 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000779b1d64 5 bytes JMP 000000007ef2047a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000779b1d80 5 bytes JMP 000000007ef20458 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779b1d9c 5 bytes JMP 0000000074fa85b0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000779c2954 5 bytes JMP 000000007ef200c2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000779c8ee1 5 bytes JMP 000000007ef209a8 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779cd2f6 7 bytes JMP 0000000074fb2ad0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000779f005b 5 bytes JMP 000000007ef2016c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077a38757 5 bytes JMP 000000007ef20612 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077a3e9f7 5 bytes JMP 000000007ef2014a .text 
C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000755e0e00 5 bytes JMP 000000007ef200e4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000755e1072 5 bytes JMP 000000007ef202c0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755e4977 5 bytes JMP 000000007ef20238 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000755f3bbb 5 bytes JMP 0000000074ecedf0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000755f9abc 5 bytes JMP 0000000074f9f260 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\kernel32.dll!MoveFileExW 00000000755f9b1d 5 bytes JMP 000000007ef207aa .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075603b7a 7 bytes JMP 0000000074f9fe20 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 000000007560733f 5 bytes JMP 000000007ef2025a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000756088f2 5 bytes JMP 000000007ef206de .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007560ccf1 5 bytes JMP 000000007ef20788 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007560cd11 5 bytes JMP 0000000074f9ef50 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007565ddde 7 bytes JMP 
0000000074f9f490 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007565de81 7 bytes JMP 0000000074f9f7a0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075663231 3 bytes JMP 000000007ef2029e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\kernel32.dll!WinExec + 4 0000000075663235 1 byte [09] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 000000007568773b 5 bytes JMP 000000007ef20568 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 000000007568775e 5 bytes JMP 000000007ef2058a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075687b09 5 bytes JMP 000000007ef205ac .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 0000000075687b82 5 bytes JMP 000000007ef205ce .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075d78fa5 5 bytes JMP 000000007ef200a0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075d7c558 5 bytes JMP 000000007ef20546 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075d7edc6 5 bytes JMP 000000007ef204e0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075d7f329 5 bytes JMP 000000007ef201d2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075d7f8a7 5 bytes 
JMP 0000000074fb2ab0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075d7fbac 5 bytes JMP 000000007ef20106 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075d7fcda 5 bytes JMP 000000007ef20766 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075d8147b 5 bytes JMP 000000007ef20524 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075d814a2 5 bytes JMP 000000007ef20502 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075d81e4c 5 bytes JMP 000000007ef2007e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075d81f38 5 bytes JMP 000000007ef20216 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075d82bdc 5 bytes JMP 000000007ef2069a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075d82e0b 4 bytes CALL 6e880000 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075d82e40 5 bytes JMP 000000007ef20678 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075d82e7e 5 bytes JMP 000000007ef206bc .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075d82fe1 5 bytes JMP 000000007ef2005c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 
0000000075d8396a 5 bytes JMP 000000007ef2049c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075d83cd7 5 bytes JMP 000000007ef2018e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075d845fd 5 bytes JMP 000000007ef201f4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075d8476f 5 bytes JMP 000000007ef204be .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075d84798 5 bytes JMP 000000007ef202e2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000075d89dcf 5 bytes JMP 000000007ef20854 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 0000000075d8a11c 5 bytes JMP 000000007ef20876 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075d8a37a 5 bytes JMP 000000007ef208fe .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\KERNELBASE.dll!FindClose 0000000075d8a589 5 bytes JMP 000000007ef20920 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075d8a663 5 bytes JMP 000000007ef208dc .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075d8c8a8 5 bytes JMP 000000007ef2027c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075d8e414 5 bytes JMP 000000007ef20942 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 
0000000075e18e69 5 bytes JMP 000000007ef20cfa .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075e19159 5 bytes JMP 000000007ef20cb6 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075e19166 5 bytes JMP 000000007ef20d60 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000075e1c4b2 5 bytes JMP 000000007ef20dc6 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000075e1c9cc 5 bytes JMP 000000007ef20b62 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000075e1de94 5 bytes JMP 000000007ef20cd8 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000075e1deb6 5 bytes JMP 000000007ef20da4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000075e1dece 5 bytes JMP 000000007ef20d3e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000075e1defe 5 bytes JMP 000000007ef20d82 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000075e22b38 5 bytes JMP 000000007ef20b40 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000075e235e4 5 bytes JMP 000000007ef20c50 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000075e24939 5 bytes JMP 000000007ef209ca .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] 
C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000075e370a4 5 bytes JMP 000000007ef20c94 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000075e370bc 5 bytes JMP 000000007ef20bc8 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000075e370d4 5 bytes JMP 000000007ef20bea .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000075e3771b 5 bytes JMP 000000007ef20d1c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000075e533a4 5 bytes JMP 000000007ef20c0c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075e533b4 5 bytes JMP 000000007ef20c2e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000075e533c4 5 bytes JMP 000000007ef20b84 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000075e533d4 5 bytes JMP 000000007ef20ba6 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075e53414 5 bytes JMP 000000007ef20c72 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007735a472 5 bytes JMP 000000007ef209ec .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000773627ce 5 bytes JMP 000000007ef20b1e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007736e6cf 5 bytes JMP 000000007ef20afc .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] 
C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000075f16ffe 5 bytes JMP 000000007ef2115c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075f178e2 5 bytes JMP 000000007ef20ed6 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075f17bd3 5 bytes JMP 000000007ef20eb4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075f18332 5 bytes JMP 0000000074fb3c20 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075f18a29 5 bytes JMP 000000007ef20f80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075f18bff 5 bytes JMP 0000000074fb4590 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000075f190d3 7 bytes JMP 0000000074fb3640 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075f19679 5 bytes JMP 0000000074fb4a80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000075f197d2 5 bytes JMP 0000000074fb4ff0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000075f198fd 5 bytes JMP 000000007ef210f6 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000075f1b6fa 5 bytes JMP 000000007ef20a0e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000075f1d166 5 bytes JMP 000000007ef2113a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] 
C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075f1d23e 5 bytes JMP 000000007ef20fa2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075f1ee21 5 bytes JMP 0000000074fb3810 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000075f1efe1 5 bytes JMP 0000000074fb7720 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000075f1fffe 5 bytes JMP 000000007ef210b2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000075f200f1 5 bytes JMP 000000007ef210d4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!SetThreadDesktop 0000000075f202ae 5 bytes JMP 0000000074ed1480 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075f205d2 5 bytes JMP 000000007ef20f1a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000075f20e13 3 bytes JMP 000000007ef20fc4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!ShowWindow + 4 0000000075f20e17 1 byte [09] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000075f212bd 5 bytes JMP 0000000074fb40a0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000075f21f14 5 bytes JMP 000000007ef21090 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075f22797 5 bytes JMP 0000000074fb66b0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 
0000000075f2392d 5 bytes JMP 000000007ef20f5e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000075f2398a 5 bytes JMP 000000007ef21118 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075f23ef0 5 bytes JMP 0000000074fb6d60 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!SetParent 0000000075f245cc 5 bytes JMP 0000000074fb6f80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075f2460c 5 bytes JMP 0000000074fb7940 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075f24713 5 bytes JMP 0000000074fb6920 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000075f247e5 5 bytes JMP 0000000074fb6410 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075f24bbc 5 bytes JMP 0000000074fb3e00 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075f24d1d 5 bytes JMP 0000000074fb4340 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075f27044 5 bytes JMP 000000007ef20ef8 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000075f271e0 5 bytes JMP 0000000074fb3a40 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000075f271fe 5 bytes JMP 0000000074fb47e0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075f27355 5 bytes JMP 
000000007ef20f3c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075f27d59 7 bytes JMP 0000000074fb3460 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075f281f5 5 bytes JMP 0000000074fb3140 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075f2825a 5 bytes JMP 0000000074fb5a80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000075f282d2 5 bytes JMP 0000000074fb5550 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075f28411 5 bytes JMP 0000000074fb4d20 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000075f286de 5 bytes JMP 000000007ef2106e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075f28f4c 5 bytes JMP 0000000074fb2e80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000075f2cc1e 5 bytes JMP 0000000074fb7170 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!ClipCursor 0000000075f2f2b3 5 bytes JMP 0000000074fb7d50 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075f3a072 5 bytes JMP 0000000074fb5d10 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000075f3d954 5 bytes JMP 000000007ef21008 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 
0000000075f3dbf5 5 bytes JMP 0000000074fb5f60 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!SendInput 0000000075f3ff2a 5 bytes JMP 0000000074ed1810 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000075f41080 5 bytes JMP 000000007ef20fe6 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000075f58e6f 5 bytes JMP 0000000074ed1b80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075f598b5 5 bytes JMP 0000000074fb7fb0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075f59fa4 5 bytes JMP 0000000074ed1c10 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075f61533 5 bytes JMP 0000000074fb7b70 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000075f6fd66 5 bytes JMP 000000007ef2102a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000075f6fd8a 5 bytes JMP 000000007ef2104c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075f70299 5 bytes JMP 0000000074fb8150 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!mouse_event 0000000075f7030f 5 bytes JMP 0000000074ed1a80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075f70353 5 bytes JMP 0000000074ed19a0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075f76d94 5 
bytes JMP 0000000074fb52b0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075f76df5 5 bytes JMP 0000000074fb57f0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075f77e6f 5 bytes JMP 0000000074fb7340 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!PrintWindow 0000000075f788c3 5 bytes JMP 0000000074ecbcc0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075f78983 5 bytes JMP 0000000074fb6b80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000755558b3 5 bytes JMP 0000000074ecbdc0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075555ea5 5 bytes JMP 0000000074eca4d0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 000000007555633b 5 bytes JMP 000000007ef20a30 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075557bcc 5 bytes JMP 0000000074eca200 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 000000007555ae82 5 bytes JMP 0000000074ecb740 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007555b98a 5 bytes JMP 0000000074ecbaf0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007555bd7d 5 bytes JMP 0000000074eca870 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 000000007555c08c 1 byte JMP 0000000074ecb390 .text C:\Program Files 
(x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt + 2 000000007555c08e 3 bytes {JMP 0xffffffffff96f304} .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007555cf11 5 bytes JMP 0000000074ecac20 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007555e935 5 bytes JMP 0000000074eca3b0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 000000007557872d 5 bytes JMP 000000007ef20de8 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 000000007557874c 5 bytes JMP 000000007ef20e0a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000075584222 5 bytes JMP 000000007ef20e2c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075584aa2 5 bytes JMP 0000000074ecafe0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075701401 2 bytes JMP 7560b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075701419 2 bytes JMP 7560b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075701431 2 bytes JMP 75689149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007570144a 2 bytes CALL 755e4885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757014dd 2 bytes JMP 75688a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757014f5 2 bytes JMP 75688c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007570150d 2 bytes JMP 75688938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075701525 2 bytes JMP 75688d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007570153d 2 bytes JMP 755ffcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075701555 2 bytes JMP 75606907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007570156d 2 bytes JMP 75689201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075701585 2 bytes JMP 75688d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007570159d 2 bytes JMP 756888fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757015b5 2 bytes JMP 755ffd59 C:\Windows\syswow64\kernel32.dll .text C:\Program 
Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757015cd 2 bytes JMP 7560b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757016b2 2 bytes JMP 756890c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757016bd 2 bytes JMP 75688891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075d33918 5 bytes JMP 000000007ef212f4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000075d33cd3 5 bytes JMP 000000007ef212d2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\WS2_32.dll!socket 0000000075d33eb8 5 bytes JMP 000000007ef21316 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075d34406 5 bytes JMP 000000007ef21228 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000075d34889 5 bytes JMP 000000007ef2126c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\WS2_32.dll!recv 0000000075d36826 5 bytes JMP 000000007ef2135a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\WS2_32.dll!connect 0000000075d368f5 5 bytes JMP 000000007ef2124a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\WS2_32.dll!send 0000000075d36c19 5 bytes JMP 000000007ef21206 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000075d36da1 5 bytes JMP 
000000007ef2137c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 0000000075d3a6db 5 bytes JMP 000000007ef2128e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000075d3bcd5 5 bytes JMP 000000007ef21338 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075d4771b 5 bytes JMP 000000007ef212b0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\urlmon.dll!CreateUri + 128 00000000752e2b70 1 byte JMP 000000007ef20a74 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\urlmon.dll!CreateUri + 130 00000000752e2b72 3 bytes {JMP 0x9c3df04} .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\urlmon.dll!URLDownloadToCacheFileW 00000000752f9030 5 bytes JMP 000000007ef213e2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 00000000752f95d0 5 bytes JMP 000000007ef2139e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 000000007539c650 5 bytes JMP 000000007ef213c0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\ole32.DLL!CoCreateInstance 0000000077109cbb 5 bytes JMP 0000000074fac3f0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8216] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000076020179 5 bytes JMP 000000007ef2146a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000779af9f0 5 bytes JMP 0000000074fb2c50 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000779afb38 5 bytes JMP 0000000074fa83c0 
.text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000779afbb8 5 bytes JMP 000000007ef20986 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000779afc30 5 bytes JMP 000000007ef203f2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000779afc60 5 bytes JMP 000000007ef20018 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000779afc90 5 bytes JMP 000000007ef2003a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779afcc0 5 bytes JMP 0000000074fa7970 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779afd74 5 bytes JMP 0000000074fa9180 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779afdd8 5 bytes JMP 0000000074fa8760 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000779afe24 5 bytes JMP 000000007ef203ae .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000779afe54 5 bytes JMP 000000007ef20436 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000779afeb8 5 bytes JMP 000000007ef20898 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779afed0 5 bytes JMP 0000000074faac90 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000779aff34 5 bytes JMP 000000007ef20414 .text 
C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000779aff84 5 bytes JMP 0000000074fa6be0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779affb4 5 bytes JMP 0000000074fa8970 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000779afffc 5 bytes JMP 000000007ef2036a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779b0014 5 bytes JMP 0000000074fa7530 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779b0094 5 bytes JMP 0000000074fa7780 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779b00c4 5 bytes JMP 0000000074fa8d20 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000779b01d4 5 bytes JMP 000000007ef201b0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779b03c8 5 bytes JMP 0000000074faa180 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000779b03e0 5 bytes JMP 0000000074faba50 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779b0560 5 bytes JMP 0000000074fab770 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779b06a4 5 bytes JMP 0000000074fa7b60 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000779b0704 5 bytes JMP 0000000074fabb60 .text C:\Program Files 
(x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000779b07ac 5 bytes JMP 0000000074fa6ad0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000779b07f4 5 bytes JMP 0000000074fabc70 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000779b0824 5 bytes JMP 000000007ef20348 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000779b0884 5 bytes JMP 0000000074fa6cf0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779b089c 5 bytes JMP 0000000074faaf60 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779b08b4 5 bytes JMP 0000000074faa6b0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779b0e04 5 bytes JMP 0000000074fa7dd0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779b0ee8 5 bytes JMP 0000000074fa81d0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000779b10d0 5 bytes JMP 000000007ef20964 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000779b1614 5 bytes JMP 000000007ef205f0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779b1930 5 bytes JMP 000000007ef203d0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject 00000000779b1bac 5 bytes JMP 000000007ef20832 .text C:\Program Files 
(x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779b1bf4 5 bytes JMP 0000000074fa7fc0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779b1cc4 5 bytes JMP 0000000074faab40 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000779b1d64 5 bytes JMP 000000007ef2047a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000779b1d80 5 bytes JMP 000000007ef20458 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779b1d9c 5 bytes JMP 0000000074fa85b0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000779c2954 5 bytes JMP 000000007ef200c2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000779c8ee1 5 bytes JMP 000000007ef209a8 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779cd2f6 7 bytes JMP 0000000074fb2ad0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000779f005b 5 bytes JMP 000000007ef2016c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077a38757 5 bytes JMP 000000007ef20612 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077a3e9f7 5 bytes JMP 000000007ef2014a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000755e0e00 5 bytes JMP 000000007ef200e4 .text 
C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000755e1072 5 bytes JMP 000000007ef202c0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755e4977 5 bytes JMP 000000007ef20238 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000755f3bbb 5 bytes JMP 0000000074ecedf0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000755f9abc 5 bytes JMP 0000000074f9f260 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\kernel32.dll!MoveFileExW 00000000755f9b1d 5 bytes JMP 000000007ef207aa .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075603b7a 7 bytes JMP 0000000074f9fe20 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 000000007560733f 5 bytes JMP 000000007ef2025a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000756088f2 5 bytes JMP 000000007ef206de .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007560ccf1 5 bytes JMP 000000007ef20788 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007560cd11 5 bytes JMP 0000000074f9ef50 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007565ddde 7 bytes JMP 0000000074f9f490 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007565de81 7 bytes JMP 
0000000074f9f7a0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075663231 3 bytes JMP 000000007ef2029e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\kernel32.dll!WinExec + 4 0000000075663235 1 byte [09] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 000000007568773b 5 bytes JMP 000000007ef20568 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 000000007568775e 5 bytes JMP 000000007ef2058a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075687b09 5 bytes JMP 000000007ef205ac .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 0000000075687b82 5 bytes JMP 000000007ef205ce .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075d78fa5 5 bytes JMP 000000007ef200a0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075d7c558 5 bytes JMP 000000007ef20546 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075d7edc6 5 bytes JMP 000000007ef204e0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075d7f329 5 bytes JMP 000000007ef201d2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075d7f8a7 5 bytes JMP 0000000074fb2ab0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075d7fbac 5 bytes 
JMP 000000007ef20106 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075d7fcda 5 bytes JMP 000000007ef20766 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075d8147b 5 bytes JMP 000000007ef20524 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075d814a2 5 bytes JMP 000000007ef20502 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075d81e4c 5 bytes JMP 000000007ef2007e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075d81f38 5 bytes JMP 000000007ef20216 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075d82bdc 5 bytes JMP 000000007ef2069a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075d82e0b 4 bytes CALL 6d490000 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075d82e40 5 bytes JMP 000000007ef20678 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075d82e7e 5 bytes JMP 000000007ef206bc .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075d82fe1 5 bytes JMP 000000007ef2005c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 0000000075d8396a 5 bytes JMP 000000007ef2049c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075d83cd7 5 
bytes JMP 000000007ef2018e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075d845fd 5 bytes JMP 000000007ef201f4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075d8476f 5 bytes JMP 000000007ef204be .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075d84798 5 bytes JMP 000000007ef202e2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000075d89dcf 5 bytes JMP 000000007ef20854 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 0000000075d8a11c 5 bytes JMP 000000007ef20876 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075d8a37a 5 bytes JMP 000000007ef208fe .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\KERNELBASE.dll!FindClose 0000000075d8a589 5 bytes JMP 000000007ef20920 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075d8a663 5 bytes JMP 000000007ef208dc .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075d8c8a8 5 bytes JMP 000000007ef2027c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075d8e414 5 bytes JMP 000000007ef20942 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075e18e69 5 bytes JMP 000000007ef20cfa .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075e19159 5 
bytes JMP 000000007ef20cb6 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075e19166 5 bytes JMP 000000007ef20d60 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000075e1c4b2 5 bytes JMP 000000007ef20dc6 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000075e1c9cc 5 bytes JMP 000000007ef20b62 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000075e1de94 5 bytes JMP 000000007ef20cd8 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000075e1deb6 5 bytes JMP 000000007ef20da4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000075e1dece 5 bytes JMP 000000007ef20d3e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000075e1defe 5 bytes JMP 000000007ef20d82 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000075e22b38 5 bytes JMP 000000007ef20b40 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000075e235e4 5 bytes JMP 000000007ef20c50 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000075e24939 5 bytes JMP 000000007ef209ca .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000075e370a4 5 bytes JMP 000000007ef20c94 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\ADVAPI32.dll!ControlService 
0000000075e370bc 5 bytes JMP 000000007ef20bc8 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000075e370d4 5 bytes JMP 000000007ef20bea .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000075e3771b 5 bytes JMP 000000007ef20d1c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000075e533a4 5 bytes JMP 000000007ef20c0c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075e533b4 5 bytes JMP 000000007ef20c2e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000075e533c4 5 bytes JMP 000000007ef20b84 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000075e533d4 5 bytes JMP 000000007ef20ba6 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075e53414 5 bytes JMP 000000007ef20c72 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007735a472 5 bytes JMP 000000007ef209ec .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000773627ce 5 bytes JMP 000000007ef20b1e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007736e6cf 5 bytes JMP 000000007ef20afc .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000075f16ffe 5 bytes JMP 000000007ef2115c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!GetMessageW 
0000000075f178e2 5 bytes JMP 000000007ef20ed6 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075f17bd3 5 bytes JMP 000000007ef20eb4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075f18332 5 bytes JMP 0000000074fb3c20 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075f18a29 5 bytes JMP 000000007ef20f80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075f18bff 5 bytes JMP 0000000074fb4590 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000075f190d3 7 bytes JMP 0000000074fb3640 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075f19679 5 bytes JMP 0000000074fb4a80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000075f197d2 5 bytes JMP 0000000074fb4ff0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000075f198fd 5 bytes JMP 000000007ef210f6 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000075f1b6fa 5 bytes JMP 000000007ef20a0e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000075f1d166 5 bytes JMP 000000007ef2113a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075f1d23e 5 bytes JMP 000000007ef20fa2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!SetWinEventHook 
0000000075f1ee21 5 bytes JMP 0000000074fb3810 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000075f1efe1 5 bytes JMP 0000000074fb7720 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000075f1fffe 5 bytes JMP 000000007ef210b2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000075f200f1 5 bytes JMP 000000007ef210d4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!SetThreadDesktop 0000000075f202ae 5 bytes JMP 0000000074ed1480 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075f205d2 5 bytes JMP 000000007ef20f1a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000075f20e13 3 bytes JMP 000000007ef20fc4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!ShowWindow + 4 0000000075f20e17 1 byte [09] .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000075f212bd 5 bytes JMP 0000000074fb40a0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000075f21f14 5 bytes JMP 000000007ef21090 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075f22797 5 bytes JMP 0000000074fb66b0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075f2392d 5 bytes JMP 000000007ef20f5e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000075f2398a 5 bytes JMP 000000007ef21118 .text 
C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075f23ef0 5 bytes JMP 0000000074fb6d60 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!SetParent 0000000075f245cc 5 bytes JMP 0000000074fb6f80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075f2460c 5 bytes JMP 0000000074fb7940 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075f24713 5 bytes JMP 0000000074fb6920 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000075f247e5 5 bytes JMP 0000000074fb6410 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075f24bbc 5 bytes JMP 0000000074fb3e00 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075f24d1d 5 bytes JMP 0000000074fb4340 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075f27044 5 bytes JMP 000000007ef20ef8 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000075f271e0 5 bytes JMP 0000000074fb3a40 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000075f271fe 5 bytes JMP 0000000074fb47e0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075f27355 5 bytes JMP 000000007ef20f3c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075f27d59 7 bytes JMP 0000000074fb3460 .text C:\Program Files 
(x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075f281f5 5 bytes JMP 0000000074fb3140 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075f2825a 5 bytes JMP 0000000074fb5a80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000075f282d2 5 bytes JMP 0000000074fb5550 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075f28411 5 bytes JMP 0000000074fb4d20 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000075f286de 5 bytes JMP 000000007ef2106e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075f28f4c 5 bytes JMP 0000000074fb2e80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000075f2cc1e 5 bytes JMP 0000000074fb7170 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!ClipCursor 0000000075f2f2b3 5 bytes JMP 0000000074fb7d50 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075f3a072 5 bytes JMP 0000000074fb5d10 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000075f3d954 5 bytes JMP 000000007ef21008 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075f3dbf5 5 bytes JMP 0000000074fb5f60 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!SendInput 0000000075f3ff2a 5 bytes JMP 0000000074ed1810 .text C:\Program 
Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000075f41080 5 bytes JMP 000000007ef20fe6 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000075f58e6f 5 bytes JMP 0000000074ed1b80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075f598b5 5 bytes JMP 0000000074fb7fb0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075f59fa4 5 bytes JMP 0000000074ed1c10 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075f61533 5 bytes JMP 0000000074fb7b70 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000075f6fd66 5 bytes JMP 000000007ef2102a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000075f6fd8a 5 bytes JMP 000000007ef2104c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075f70299 5 bytes JMP 0000000074fb8150 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!mouse_event 0000000075f7030f 5 bytes JMP 0000000074ed1a80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075f70353 5 bytes JMP 0000000074ed19a0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075f76d94 5 bytes JMP 0000000074fb52b0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075f76df5 5 bytes JMP 0000000074fb57f0 .text C:\Program Files 
(x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075f77e6f 5 bytes JMP 0000000074fb7340 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!PrintWindow 0000000075f788c3 5 bytes JMP 0000000074ecbcc0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075f78983 5 bytes JMP 0000000074fb6b80 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000755558b3 5 bytes JMP 0000000074ecbdc0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075555ea5 5 bytes JMP 0000000074eca4d0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 000000007555633b 5 bytes JMP 000000007ef20a30 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075557bcc 5 bytes JMP 0000000074eca200 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 000000007555ae82 5 bytes JMP 0000000074ecb740 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007555b98a 5 bytes JMP 0000000074ecbaf0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007555bd7d 5 bytes JMP 0000000074eca870 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 000000007555c08c 1 byte JMP 0000000074ecb390 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt + 2 000000007555c08e 3 bytes {JMP 0xffffffffff96f304} .text C:\Program Files (x86)\GalaxyClient\GalaxyClient 
Helper.exe[8224] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007555cf11 5 bytes JMP 0000000074ecac20 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007555e935 5 bytes JMP 0000000074eca3b0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 000000007557872d 5 bytes JMP 000000007ef20de8 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 000000007557874c 5 bytes JMP 000000007ef20e0a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000075584222 5 bytes JMP 000000007ef20e2c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075584aa2 5 bytes JMP 0000000074ecafe0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075701401 2 bytes JMP 7560b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075701419 2 bytes JMP 7560b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075701431 2 bytes JMP 75689149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007570144a 2 bytes CALL 755e4885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757014dd 2 bytes JMP 75688a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757014f5 2 bytes JMP 75688c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007570150d 2 bytes JMP 75688938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075701525 2 bytes JMP 75688d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007570153d 2 bytes JMP 755ffcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075701555 2 bytes JMP 75606907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007570156d 2 bytes JMP 75689201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075701585 2 bytes JMP 75688d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007570159d 2 bytes JMP 756888fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757015b5 2 bytes JMP 755ffd59 C:\Windows\syswow64\kernel32.dll .text C:\Program 
Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757015cd 2 bytes JMP 7560b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757016b2 2 bytes JMP 756890c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757016bd 2 bytes JMP 75688891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075d33918 5 bytes JMP 000000007ef212f4 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000075d33cd3 5 bytes JMP 000000007ef212d2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\WS2_32.dll!socket 0000000075d33eb8 5 bytes JMP 000000007ef21316 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075d34406 5 bytes JMP 000000007ef21228 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000075d34889 5 bytes JMP 000000007ef2126c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\WS2_32.dll!recv 0000000075d36826 5 bytes JMP 000000007ef2135a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\WS2_32.dll!connect 0000000075d368f5 5 bytes JMP 000000007ef2124a .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\WS2_32.dll!send 0000000075d36c19 5 bytes JMP 000000007ef21206 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000075d36da1 5 bytes JMP 
000000007ef2137c .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 0000000075d3a6db 5 bytes JMP 000000007ef2128e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000075d3bcd5 5 bytes JMP 000000007ef21338 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075d4771b 5 bytes JMP 000000007ef212b0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\urlmon.dll!CreateUri + 128 00000000752e2b70 1 byte JMP 000000007ef20a74 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\urlmon.dll!CreateUri + 130 00000000752e2b72 3 bytes {JMP 0x9c3df04} .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\urlmon.dll!URLDownloadToCacheFileW 00000000752f9030 5 bytes JMP 000000007ef213e2 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 00000000752f95d0 5 bytes JMP 000000007ef2139e .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 000000007539c650 5 bytes JMP 000000007ef213c0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\ole32.DLL!CoCreateInstance 0000000077109cbb 5 bytes JMP 0000000074fac3f0 .text C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe[8224] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000076020179 5 bytes JMP 000000007ef2146a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000779af9f0 5 bytes JMP 0000000074fb2c50 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 
00000000779afb38 5 bytes JMP 0000000074fa83c0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000779afbb8 5 bytes JMP 000000007ef209a8 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000779afc30 5 bytes JMP 000000007ef20414 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000779afc60 5 bytes JMP 000000007ef20018 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000779afc90 5 bytes JMP 000000007ef2003a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779afcc0 5 bytes JMP 0000000074fa7970 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779afd74 5 bytes JMP 0000000074fa9180 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779afdd8 5 bytes JMP 0000000074fa8760 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000779afe24 5 bytes JMP 000000007ef203d0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000779afe54 5 bytes JMP 000000007ef20458 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000779afeb8 5 bytes JMP 000000007ef208ba .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] 
C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779afed0 5 bytes JMP 0000000074faac90 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000779aff34 5 bytes JMP 000000007ef20436 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000779aff84 5 bytes JMP 0000000074fa6be0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779affb4 5 bytes JMP 0000000074fa8970 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000779afffc 5 bytes JMP 000000007ef2038c .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779b0014 5 bytes JMP 0000000074fa7530 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779b0094 5 bytes JMP 0000000074fa7780 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779b00c4 5 bytes JMP 0000000074fa8d20 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000779b01d4 5 bytes JMP 000000007ef201d2 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779b03c8 5 bytes JMP 0000000074faa180 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000779b03e0 5 bytes JMP 0000000074faba50 .text C:\Program Files\Intel\Intel(R) Rapid Storage 
Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779b0560 5 bytes JMP 0000000074fab770 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779b06a4 5 bytes JMP 0000000074fa7b60 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000779b0704 5 bytes JMP 0000000074fabb60 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000779b07ac 5 bytes JMP 0000000074fa6ad0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000779b07f4 5 bytes JMP 0000000074fabc70 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000779b0824 5 bytes JMP 000000007ef2036a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000779b0884 5 bytes JMP 0000000074fa6cf0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779b089c 5 bytes JMP 0000000074faaf60 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779b08b4 5 bytes JMP 0000000074faa6b0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779b0e04 5 bytes JMP 0000000074fa7dd0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779b0ee8 5 bytes JMP 0000000074fa81d0 .text C:\Program 
Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000779b10d0 5 bytes JMP 000000007ef20986 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000779b1614 5 bytes JMP 000000007ef20612 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779b1930 5 bytes JMP 000000007ef203f2 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject 00000000779b1bac 5 bytes JMP 000000007ef20854 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779b1bf4 5 bytes JMP 0000000074fa7fc0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779b1cc4 5 bytes JMP 0000000074faab40 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000779b1d64 5 bytes JMP 000000007ef2049c .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000779b1d80 5 bytes JMP 000000007ef2047a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779b1d9c 5 bytes JMP 0000000074fa85b0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000779c2954 5 bytes JMP 000000007ef200e4 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000779c8ee1 5 bytes JMP 
000000007ef209ca .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779cd2f6 7 bytes JMP 0000000074fb2ad0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000779f005b 5 bytes JMP 000000007ef2018e .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077a38757 5 bytes JMP 000000007ef20634 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077a3e9f7 5 bytes JMP 000000007ef2016c .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNEL32.dll!GetStartupInfoA 00000000755e0e00 5 bytes JMP 000000007ef20106 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNEL32.dll!CreateProcessA 00000000755e1072 5 bytes JMP 000000007ef202e2 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryA 00000000755e4977 5 bytes JMP 000000007ef2025a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 00000000755f3bbb 5 bytes JMP 0000000074ecedf0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressW 00000000755f9abc 5 bytes JMP 0000000074f9f260 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNEL32.dll!MoveFileExW 00000000755f9b1d 5 bytes JMP 000000007ef207cc .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] 
C:\Windows\syswow64\KERNEL32.dll!CopyFileExW 0000000075603b7a 7 bytes JMP 0000000074f9fe20 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNEL32.dll!CreateToolhelp32Snapshot 000000007560733f 5 bytes JMP 000000007ef2027c .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNEL32.dll!Process32NextW 00000000756088f2 5 bytes JMP 000000007ef20700 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNEL32.dll!MoveFileExA 000000007560ccf1 5 bytes JMP 000000007ef207aa .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNEL32.dll!MoveFileWithProgressA 000000007560cd11 5 bytes JMP 0000000074f9ef50 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNEL32.dll!MoveFileTransactedA 000000007565ddde 7 bytes JMP 0000000074f9f490 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNEL32.dll!MoveFileTransactedW 000000007565de81 7 bytes JMP 0000000074f9f7a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNEL32.dll!WinExec 0000000075663231 3 bytes JMP 000000007ef202c0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNEL32.dll!WinExec + 4 0000000075663235 1 byte [09] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleInputA 000000007568773b 5 bytes JMP 000000007ef2058a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleInputW 000000007568775e 5 bytes JMP 000000007ef205ac .text C:\Program Files\Intel\Intel(R) Rapid Storage 
Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleA 0000000075687b09 5 bytes JMP 000000007ef205ce .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNEL32.dll!ReadConsoleW 0000000075687b82 5 bytes JMP 000000007ef205f0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075d78fa5 5 bytes JMP 000000007ef200c2 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075d7c558 5 bytes JMP 000000007ef20568 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075d7edc6 5 bytes JMP 000000007ef20502 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075d7f329 5 bytes JMP 000000007ef201f4 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075d7f8a7 5 bytes JMP 0000000074fb2ab0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075d7fbac 5 bytes JMP 000000007ef20128 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075d7fcda 5 bytes JMP 000000007ef20788 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075d8147b 5 bytes JMP 000000007ef20546 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075d814a2 5 bytes JMP 
000000007ef20524 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075d81e4c 5 bytes JMP 000000007ef200a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075d81f38 5 bytes JMP 000000007ef20238 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075d82bdc 5 bytes JMP 000000007ef206bc .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075d82e0b 4 bytes CALL 71800000 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075d82e40 5 bytes JMP 000000007ef2069a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075d82e7e 5 bytes JMP 000000007ef206de .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075d82fe1 5 bytes JMP 000000007ef2007e .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 0000000075d8396a 5 bytes JMP 000000007ef204be .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075d83cd7 5 bytes JMP 000000007ef201b0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075d845fd 5 bytes JMP 000000007ef20216 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 
0000000075d8476f 5 bytes JMP 000000007ef204e0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075d84798 5 bytes JMP 000000007ef20304 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000075d89dcf 5 bytes JMP 000000007ef20876 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 0000000075d8a11c 5 bytes JMP 000000007ef20898 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075d8a37a 5 bytes JMP 000000007ef20920 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!FindClose 0000000075d8a589 5 bytes JMP 000000007ef20942 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075d8a663 5 bytes JMP 000000007ef208fe .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075d8c8a8 5 bytes JMP 000000007ef2029e .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075d8e414 5 bytes JMP 000000007ef20964 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000075f16ffe 5 bytes JMP 000000007ef210d4 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075f178e2 5 bytes JMP 000000007ef20e4e .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] 
C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075f17bd3 5 bytes JMP 000000007ef20e2c .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075f18332 5 bytes JMP 0000000074fb3c20 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075f18a29 5 bytes JMP 000000007ef20ef8 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075f18bff 5 bytes JMP 0000000074fb4590 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000075f190d3 7 bytes JMP 0000000074fb3640 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075f19679 5 bytes JMP 0000000074fb4a80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000075f197d2 5 bytes JMP 0000000074fb4ff0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000075f198fd 5 bytes JMP 000000007ef2106e .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000075f1b6fa 5 bytes JMP 000000007ef209ec .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000075f1d166 5 bytes JMP 000000007ef210b2 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075f1d23e 5 bytes JMP 000000007ef20f1a .text C:\Program Files\Intel\Intel(R) Rapid Storage 
Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075f1ee21 5 bytes JMP 0000000074fb3810 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000075f1efe1 5 bytes JMP 0000000074fb7720 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000075f1fffe 5 bytes JMP 000000007ef2102a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000075f200f1 5 bytes JMP 000000007ef2104c .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!SetThreadDesktop 0000000075f202ae 5 bytes JMP 0000000074ed1480 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075f205d2 5 bytes JMP 000000007ef20e92 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000075f20e13 3 bytes JMP 000000007ef20f3c .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!ShowWindow + 4 0000000075f20e17 1 byte [09] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000075f212bd 5 bytes JMP 0000000074fb40a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000075f21f14 5 bytes JMP 000000007ef21008 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075f22797 5 bytes JMP 0000000074fb66b0 .text C:\Program Files\Intel\Intel(R) Rapid Storage 
Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075f2392d 5 bytes JMP 000000007ef20ed6 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000075f2398a 5 bytes JMP 000000007ef21090 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075f23ef0 5 bytes JMP 0000000074fb6d60 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!SetParent 0000000075f245cc 5 bytes JMP 0000000074fb6f80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075f2460c 5 bytes JMP 0000000074fb7940 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075f24713 5 bytes JMP 0000000074fb6920 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000075f247e5 5 bytes JMP 0000000074fb6410 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075f24bbc 5 bytes JMP 0000000074fb3e00 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075f24d1d 5 bytes JMP 0000000074fb4340 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075f27044 5 bytes JMP 000000007ef20e70 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000075f271e0 5 bytes JMP 0000000074fb3a40 .text C:\Program Files\Intel\Intel(R) Rapid Storage 
Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000075f271fe 5 bytes JMP 0000000074fb47e0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075f27355 5 bytes JMP 000000007ef20eb4 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075f27d59 7 bytes JMP 0000000074fb3460 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075f281f5 5 bytes JMP 0000000074fb3140 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075f2825a 5 bytes JMP 0000000074fb5a80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000075f282d2 5 bytes JMP 0000000074fb5550 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075f28411 5 bytes JMP 0000000074fb4d20 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000075f286de 5 bytes JMP 000000007ef20fe6 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075f28f4c 5 bytes JMP 0000000074fb2e80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000075f2cc1e 5 bytes JMP 0000000074fb7170 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!ClipCursor 0000000075f2f2b3 5 bytes JMP 0000000074fb7d50 .text C:\Program 
Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075f3a072 5 bytes JMP 0000000074fb5d10 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000075f3d954 5 bytes JMP 000000007ef20f80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000075f3dbf5 5 bytes JMP 0000000074fb5f60 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!SendInput 0000000075f3ff2a 5 bytes JMP 0000000074ed1810 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000075f41080 5 bytes JMP 000000007ef20f5e .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000075f58e6f 5 bytes JMP 0000000074ed1b80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075f598b5 5 bytes JMP 0000000074fb7fb0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075f59fa4 5 bytes JMP 0000000074ed1c10 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075f61533 5 bytes JMP 0000000074fb7b70 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000075f6fd66 5 bytes JMP 000000007ef20fa2 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000075f6fd8a 5 bytes JMP 
000000007ef20fc4 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075f70299 5 bytes JMP 0000000074fb8150 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!mouse_event 0000000075f7030f 5 bytes JMP 0000000074ed1a80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075f70353 5 bytes JMP 0000000074ed19a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075f76d94 5 bytes JMP 0000000074fb52b0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075f76df5 5 bytes JMP 0000000074fb57f0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075f77e6f 5 bytes JMP 0000000074fb7340 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!PrintWindow 0000000075f788c3 5 bytes JMP 0000000074ecbcc0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075f78983 5 bytes JMP 0000000074fb6b80 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000755558b3 5 bytes JMP 0000000074ecbdc0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075555ea5 5 bytes JMP 0000000074eca4d0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 000000007555633b 5 bytes 
JMP 000000007ef20a0e .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075557bcc 5 bytes JMP 0000000074eca200 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 000000007555ae82 5 bytes JMP 0000000074ecb740 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007555b98a 5 bytes JMP 0000000074ecbaf0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007555bd7d 5 bytes JMP 0000000074eca870 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 000000007555c08c 1 byte JMP 0000000074ecb390 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt + 2 000000007555c08e 3 bytes {JMP 0xffffffffff96f304} .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007555cf11 5 bytes JMP 0000000074ecac20 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007555e935 5 bytes JMP 0000000074eca3b0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 000000007557872d 5 bytes JMP 000000007ef20ab8 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 000000007557874c 5 bytes JMP 000000007ef20ada .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000075584222 5 bytes JMP 
000000007ef20afc .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075584aa2 5 bytes JMP 0000000074ecafe0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007735a472 5 bytes JMP 000000007ef20a30 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000773627ce 5 bytes JMP 000000007ef20a96 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007736e6cf 5 bytes JMP 000000007ef20a74 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075e18e69 5 bytes JMP 000000007ef20cd8 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075e19159 5 bytes JMP 000000007ef20c94 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075e19166 5 bytes JMP 000000007ef20d3e .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000075e1c4b2 5 bytes JMP 000000007ef20da4 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000075e1c9cc 5 bytes JMP 000000007ef20b40 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000075e1de94 5 bytes JMP 000000007ef20cb6 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000075e1deb6 5 bytes 
JMP 000000007ef20d82 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000075e1dece 5 bytes JMP 000000007ef20d1c .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000075e1defe 5 bytes JMP 000000007ef20d60 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000075e22b38 5 bytes JMP 000000007ef20b1e .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000075e235e4 5 bytes JMP 000000007ef20c2e .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000075e24939 5 bytes JMP 000000007ef20a52 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000075e370a4 5 bytes JMP 000000007ef20c72 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000075e370bc 5 bytes JMP 000000007ef20ba6 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000075e370d4 5 bytes JMP 000000007ef20bc8 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000075e3771b 5 bytes JMP 000000007ef20cfa .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000075e533a4 5 bytes JMP 000000007ef20bea .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] 
C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075e533b4 5 bytes JMP 000000007ef20c0c .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000075e533c4 5 bytes JMP 000000007ef20b62 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000075e533d4 5 bytes JMP 000000007ef20b84 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075e53414 5 bytes JMP 000000007ef20c50 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075d33918 5 bytes JMP 000000007ef2128e .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000075d33cd3 5 bytes JMP 000000007ef2126c .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\WS2_32.dll!socket 0000000075d33eb8 5 bytes JMP 000000007ef212b0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075d34406 5 bytes JMP 000000007ef211c2 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000075d34889 5 bytes JMP 000000007ef21206 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\WS2_32.dll!recv 0000000075d36826 5 bytes JMP 000000007ef212f4 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\WS2_32.dll!connect 0000000075d368f5 5 bytes JMP 000000007ef211e4 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] 
C:\Windows\syswow64\WS2_32.dll!send 0000000075d36c19 5 bytes JMP 000000007ef211a0 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000075d36da1 5 bytes JMP 000000007ef21316 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 0000000075d3a6db 5 bytes JMP 000000007ef21228 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000075d3bcd5 2 bytes JMP 000000007ef212d2 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\WS2_32.dll!WSAConnect + 3 0000000075d3bcd8 2 bytes [1E, 09] .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075d4771b 5 bytes JMP 000000007ef2124a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\urlmon.dll!CreateUri + 128 00000000752e2b70 5 bytes JMP 000000007ef21338 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\urlmon.dll!URLDownloadToCacheFileW 00000000752f9030 5 bytes JMP 000000007ef2139e .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 00000000752f95d0 5 bytes JMP 000000007ef2135a .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 000000007539c650 5 bytes JMP 000000007ef2137c .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3320] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000076020179 5 bytes JMP 000000007ef213e2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] 
C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000779af9f0 5 bytes JMP 0000000074fb2c50 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000779afb38 5 bytes JMP 0000000074fa83c0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000779afbb8 5 bytes JMP 000000007ef20986 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000779afc30 5 bytes JMP 000000007ef203f2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000779afc60 5 bytes JMP 000000007ef20018 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000779afc90 5 bytes JMP 000000007ef2003a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779afcc0 5 bytes JMP 0000000074fa7970 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000779afd74 5 bytes JMP 0000000074fa9180 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000779afdd8 5 bytes JMP 0000000074fa8760 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000779afe24 5 bytes JMP 000000007ef203ae .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000779afe54 5 bytes 
JMP 000000007ef20436 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000779afeb8 5 bytes JMP 000000007ef20898 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000779afed0 5 bytes JMP 0000000074faac90 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000779aff34 5 bytes JMP 000000007ef20414 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000779aff84 5 bytes JMP 0000000074fa6be0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000779affb4 5 bytes JMP 0000000074fa8970 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000779afffc 5 bytes JMP 000000007ef2036a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000779b0014 5 bytes JMP 0000000074fa7530 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000779b0094 5 bytes JMP 0000000074fa7780 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779b00c4 5 bytes JMP 0000000074fa8d20 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000779b01d4 5 bytes JMP 000000007ef201b0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000779b03c8 5 bytes JMP 0000000074faa180 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 00000000779b03e0 5 bytes JMP 0000000074faba50 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 00000000779b0560 5 bytes JMP 0000000074fab770 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 00000000779b06a4 5 bytes JMP 0000000074fa7b60 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 00000000779b0704 5 bytes JMP 0000000074fabb60 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000779b07ac 5 bytes JMP 0000000074fa6ad0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 00000000779b07f4 5 bytes JMP 0000000074fabc70 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000779b0824 5 bytes JMP 000000007ef20348 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 00000000779b0884 5 bytes JMP 0000000074fa6cf0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000779b089c 5 bytes JMP 0000000074faaf60 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] 
C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779b08b4 5 bytes JMP 0000000074faa6b0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000779b0e04 5 bytes JMP 0000000074fa7dd0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 00000000779b0ee8 5 bytes JMP 0000000074fa81d0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000779b10d0 5 bytes JMP 000000007ef20964 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000779b1614 5 bytes JMP 000000007ef205f0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779b1930 5 bytes JMP 000000007ef203d0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject 00000000779b1bac 5 bytes JMP 000000007ef20832 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000779b1bf4 5 bytes JMP 0000000074fa7fc0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 00000000779b1cc4 5 bytes JMP 0000000074faab40 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000779b1d64 5 bytes JMP 000000007ef2047a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000779b1d80 5 
bytes JMP 000000007ef20458 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000779b1d9c 5 bytes JMP 0000000074fa85b0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000779c2954 5 bytes JMP 000000007ef200c2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000779c8ee1 5 bytes JMP 000000007ef209a8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000779cd2f6 7 bytes JMP 0000000074fb2ad0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000779f005b 5 bytes JMP 000000007ef2016c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077a38757 5 bytes JMP 000000007ef20612 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077a3e9f7 5 bytes JMP 000000007ef2014a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000755e0e00 5 bytes JMP 000000007ef200e4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000755e1072 5 bytes JMP 000000007ef202c0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755e4977 5 bytes JMP 000000007ef20238 .text C:\Program 
Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000755f3bbb 5 bytes JMP 0000000074ecedf0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000755f9abc 5 bytes JMP 0000000074f9f260 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\kernel32.dll!MoveFileExW 00000000755f9b1d 5 bytes JMP 000000007ef207aa .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075603b7a 7 bytes JMP 0000000074f9fe20 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 000000007560733f 5 bytes JMP 000000007ef2025a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000756088f2 5 bytes JMP 000000007ef206de .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007560ccf1 5 bytes JMP 000000007ef20788 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007560cd11 5 bytes JMP 0000000074f9ef50 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedA 000000007565ddde 7 bytes JMP 0000000074f9f490 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\kernel32.dll!MoveFileTransactedW 000000007565de81 7 bytes JMP 0000000074f9f7a0 .text C:\Program Files (x86)\Intel\Intel(R) 
Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075663231 3 bytes JMP 000000007ef2029e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\kernel32.dll!WinExec + 4 0000000075663235 1 byte [09] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 000000007568773b 5 bytes JMP 000000007ef20568 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 000000007568775e 5 bytes JMP 000000007ef2058a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075687b09 5 bytes JMP 000000007ef205ac .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 0000000075687b82 5 bytes JMP 000000007ef205ce .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075d78fa5 5 bytes JMP 000000007ef200a0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075d7c558 5 bytes JMP 000000007ef20546 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075d7edc6 5 bytes JMP 000000007ef204e0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075d7f329 5 bytes JMP 000000007ef201d2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] 
C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 0000000075d7f8a7 5 bytes JMP 0000000074fb2ab0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075d7fbac 5 bytes JMP 000000007ef20106 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 0000000075d7fcda 5 bytes JMP 000000007ef20766 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075d8147b 5 bytes JMP 000000007ef20524 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075d814a2 5 bytes JMP 000000007ef20502 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075d81e4c 5 bytes JMP 000000007ef2007e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075d81f38 5 bytes JMP 000000007ef20216 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075d82bdc 5 bytes JMP 000000007ef2069a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 559 0000000075d82e0b 4 bytes CALL 6d520000 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075d82e40 5 bytes JMP 000000007ef20678 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] 
C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075d82e7e 5 bytes JMP 000000007ef206bc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075d82fe1 5 bytes JMP 000000007ef2005c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!OpenThread 0000000075d8396a 5 bytes JMP 000000007ef2049c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075d83cd7 5 bytes JMP 000000007ef2018e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075d845fd 5 bytes JMP 000000007ef201f4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075d8476f 5 bytes JMP 000000007ef204be .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075d84798 5 bytes JMP 000000007ef202e2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileW 0000000075d89dcf 5 bytes JMP 000000007ef20854 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!DeleteFileA 0000000075d8a11c 5 bytes JMP 000000007ef20876 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 0000000075d8a37a 5 bytes JMP 000000007ef208fe .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!FindClose 0000000075d8a589 5 bytes JMP 
000000007ef20920 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 0000000075d8a663 5 bytes JMP 000000007ef208dc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075d8c8a8 5 bytes JMP 000000007ef2027c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 0000000075d8e414 5 bytes JMP 000000007ef20942 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!GetWindowLongW 0000000075f16ffe 5 bytes JMP 000000007ef210b2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075f178e2 5 bytes JMP 000000007ef20e2c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075f17bd3 5 bytes JMP 000000007ef20e0a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000075f18332 5 bytes JMP 0000000074fb3c20 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075f18a29 5 bytes JMP 000000007ef20ed6 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000075f18bff 5 bytes JMP 0000000074fb4590 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000075f190d3 7 bytes JMP 0000000074fb3640 .text C:\Program Files (x86)\Intel\Intel(R) 
Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000075f19679 5 bytes JMP 0000000074fb4a80 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000075f197d2 5 bytes JMP 0000000074fb4ff0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000075f198fd 5 bytes JMP 000000007ef2104c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000075f1b6fa 5 bytes JMP 000000007ef209ca .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!GetWindowLongA 0000000075f1d166 5 bytes JMP 000000007ef21090 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075f1d23e 5 bytes JMP 000000007ef20ef8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075f1ee21 5 bytes JMP 0000000074fb3810 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000075f1efe1 5 bytes JMP 0000000074fb7720 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000075f1fffe 5 bytes JMP 000000007ef21008 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000075f200f1 5 bytes JMP 000000007ef2102a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] 
C:\Windows\syswow64\USER32.dll!SetThreadDesktop 0000000075f202ae 5 bytes JMP 0000000074ed1480 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075f205d2 5 bytes JMP 000000007ef20e70 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000075f20e13 3 bytes JMP 000000007ef20f1a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!ShowWindow + 4 0000000075f20e17 1 byte [09] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000075f212bd 5 bytes JMP 0000000074fb40a0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000075f21f14 5 bytes JMP 000000007ef20fe6 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075f22797 5 bytes JMP 0000000074fb66b0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075f2392d 5 bytes JMP 000000007ef20eb4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000075f2398a 5 bytes JMP 000000007ef2106e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000075f23ef0 5 bytes JMP 0000000074fb6d60 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!SetParent 0000000075f245cc 5 bytes JMP 0000000074fb6f80 .text C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075f2460c 5 bytes JMP 0000000074fb7940 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075f24713 5 bytes JMP 0000000074fb6920 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000075f247e5 5 bytes JMP 0000000074fb6410 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075f24bbc 5 bytes JMP 0000000074fb3e00 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000075f24d1d 5 bytes JMP 0000000074fb4340 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075f27044 5 bytes JMP 000000007ef20e4e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000075f271e0 5 bytes JMP 0000000074fb3a40 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000075f271fe 5 bytes JMP 0000000074fb47e0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075f27355 5 bytes JMP 000000007ef20e92 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000075f27d59 7 bytes JMP 0000000074fb3460 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] 
C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075f281f5 5 bytes JMP 0000000074fb3140 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000075f2825a 5 bytes JMP 0000000074fb5a80 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000075f282d2 5 bytes JMP 0000000074fb5550 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000075f28411 5 bytes JMP 0000000074fb4d20 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000075f286de 5 bytes JMP 000000007ef20fc4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075f28f4c 5 bytes JMP 0000000074fb2e80 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000075f2cc1e 5 bytes JMP 0000000074fb7170 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!ClipCursor 0000000075f2f2b3 5 bytes JMP 0000000074fb7d50 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000075f3a072 5 bytes JMP 0000000074fb5d10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000075f3d954 5 bytes JMP 000000007ef20f5e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 
0000000075f3dbf5 5 bytes JMP 0000000074fb5f60 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!SendInput 0000000075f3ff2a 5 bytes JMP 0000000074ed1810 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000075f41080 5 bytes JMP 000000007ef20f3c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000075f58e6f 5 bytes JMP 0000000074ed1b80 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000075f598b5 5 bytes JMP 0000000074fb7fb0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075f59fa4 5 bytes JMP 0000000074ed1c10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000075f61533 5 bytes JMP 0000000074fb7b70 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000075f6fd66 5 bytes JMP 000000007ef20f80 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000075f6fd8a 5 bytes JMP 000000007ef20fa2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!SetSystemCursor 0000000075f70299 5 bytes JMP 0000000074fb8150 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!mouse_event 0000000075f7030f 5 bytes JMP 0000000074ed1a80 .text C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075f70353 5 bytes JMP 0000000074ed19a0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000075f76d94 5 bytes JMP 0000000074fb52b0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000075f76df5 5 bytes JMP 0000000074fb57f0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!BlockInput 0000000075f77e6f 5 bytes JMP 0000000074fb7340 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!PrintWindow 0000000075f788c3 5 bytes JMP 0000000074ecbcc0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000075f78983 5 bytes JMP 0000000074fb6b80 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000755558b3 5 bytes JMP 0000000074ecbdc0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075555ea5 5 bytes JMP 0000000074eca4d0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 000000007555633b 5 bytes JMP 000000007ef209ec .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075557bcc 5 bytes JMP 0000000074eca200 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] 
C:\Windows\syswow64\GDI32.dll!GdiAlphaBlend 000000007555ae82 5 bytes JMP 0000000074ecb740 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007555b98a 5 bytes JMP 0000000074ecbaf0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007555bd7d 5 bytes JMP 0000000074eca870 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt 000000007555c08c 1 byte JMP 0000000074ecb390 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\GDI32.dll!GdiTransparentBlt + 2 000000007555c08e 3 bytes {JMP 0xffffffffff96f304} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007555cf11 5 bytes JMP 0000000074ecac20 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007555e935 5 bytes JMP 0000000074eca3b0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 000000007557872d 5 bytes JMP 000000007ef20a96 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 000000007557874c 5 bytes JMP 000000007ef20ab8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\GDI32.dll!NamedEscape 0000000075584222 5 bytes JMP 000000007ef20ada .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000075584aa2 5 bytes JMP 0000000074ecafe0 .text C:\Program 
Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007735a472 5 bytes JMP 000000007ef20a0e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000773627ce 5 bytes JMP 000000007ef20a74 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007736e6cf 5 bytes JMP 000000007ef20a52 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 0000000075e18e69 5 bytes JMP 000000007ef20cb6 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 0000000075e19159 5 bytes JMP 000000007ef20c72 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 0000000075e19166 5 bytes JMP 000000007ef20d1c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 0000000075e1c4b2 5 bytes JMP 000000007ef20d82 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 0000000075e1c9cc 5 bytes JMP 000000007ef20b1e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 0000000075e1de94 5 bytes JMP 000000007ef20c94 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 0000000075e1deb6 5 bytes JMP 000000007ef20d60 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 0000000075e1dece 5 bytes JMP 000000007ef20cfa .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 0000000075e1defe 5 bytes JMP 000000007ef20d3e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000075e22b38 5 bytes JMP 000000007ef20afc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 0000000075e235e4 5 bytes JMP 000000007ef20c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000075e24939 5 bytes JMP 000000007ef20a30 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 0000000075e370a4 5 bytes JMP 000000007ef20c50 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000075e370bc 5 bytes JMP 000000007ef20b84 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 0000000075e370d4 5 bytes JMP 000000007ef20ba6 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 0000000075e3771b 5 bytes JMP 000000007ef20cd8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000075e533a4 5 bytes JMP 000000007ef20bc8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] 
C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000075e533b4 5 bytes JMP 000000007ef20bea .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000075e533c4 5 bytes JMP 000000007ef20b40 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000075e533d4 5 bytes JMP 000000007ef20b62 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075e53414 5 bytes JMP 000000007ef20c2e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077109cbb 5 bytes JMP 0000000074fac3f0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075d33918 5 bytes JMP 000000007ef2126c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000075d33cd3 5 bytes JMP 000000007ef2124a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\WS2_32.dll!socket 0000000075d33eb8 5 bytes JMP 000000007ef2128e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075d34406 5 bytes JMP 000000007ef211a0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000075d34889 5 bytes JMP 000000007ef211e4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\WS2_32.dll!recv 0000000075d36826 5 bytes JMP 000000007ef212d2 .text 
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\WS2_32.dll!connect 0000000075d368f5 5 bytes JMP 000000007ef211c2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\WS2_32.dll!send 0000000075d36c19 5 bytes JMP 000000007ef2117e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000075d36da1 5 bytes JMP 000000007ef212f4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 0000000075d3a6db 5 bytes JMP 000000007ef21206 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000075d3bcd5 2 bytes JMP 000000007ef212b0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\WS2_32.dll!WSAConnect + 3 0000000075d3bcd8 2 bytes [1E, 09] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1628] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075d4771b 5 bytes JMP 000000007ef21228 .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000777d76b1 11 bytes [B8, 50, 21, F2, FF, FF, 07, ...] .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000777e5121 7 bytes [B8, 64, 0D, F2, FF, FF, 07] .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 00000000777e512a 2 bytes [50, C3] .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000777fbe20 12 bytes [48, B8, 98, 15, F2, FF, FF, ...] 
.text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000777fbeb0 8 bytes JMP 000000006ffe0148 .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000777fbef0 12 bytes [48, B8, 14, 12, F2, FF, FF, ...] .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 00000000777fbf40 12 bytes [48, B8, BA, 20, F2, FF, FF, ...] .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777fbf90 12 bytes [48, B8, 5C, 06, F2, FF, FF, ...] .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000777fbfb0 12 bytes [48, B8, 80, 00, F2, FF, FF, ...] .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000777fbfd0 12 bytes [48, B8, 16, 01, F2, FF, FF, ...] .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000777fbff0 12 bytes [48, B8, 7E, 11, F2, FF, FF, ...] .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777fc060 8 bytes JMP 000000006ffe0110 .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000777fc0d0 12 bytes [48, B8, 30, 05, F2, FF, FF, ...] .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000777fc0f0 12 bytes [48, B8, 88, 07, F2, FF, FF, ...] .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777fc130 12 bytes [48, B8, A0, 1C, F2, FF, FF, ...] .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000777fc140 12 bytes [48, B8, 48, 1A, F2, FF, FF, ...] .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000777fc180 12 bytes [48, B8, F2, 06, F2, FF, FF, ...] .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000777fc200 12 bytes [48, B8, 04, 04, F2, FF, FF, ...] .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000777fc210 12 bytes [48, B8, D8, 02, F2, FF, FF, ...] 
.text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777fc280 8 bytes JMP 000000006ffe00d8 .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000777fc700 12 bytes [48, B8, 36, 1D, F2, FF, FF, ...] .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000777fc750 12 bytes [48, B8, 6E, 03, F2, FF, FF, ...] .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000777fc7b0 12 bytes [48, B8, 42, 02, F2, FF, FF, ...] .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777fcb20 12 bytes [48, B8, 2E, 16, F2, FF, FF, ...] .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000777fccf0 12 bytes [48, B8, 24, 20, F2, FF, FF, ...] .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000777fd060 12 bytes [48, B8, 52, 10, F2, FF, FF, ...] .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777fd260 12 bytes [48, B8, C6, 05, F2, FF, FF, ...] .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 00000000777fd3f0 12 bytes [48, B8, DE, 1A, F2, FF, FF, ...] .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777fd420 12 bytes [48, B8, C4, 16, F2, FF, FF, ...] .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000777fd500 12 bytes [48, B8, 4A, 09, F2, FF, FF, ...] .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000777fd510 12 bytes [48, B8, B4, 08, F2, FF, FF, ...] .text C:\Program[6556] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007786e391 11 bytes [B8, E8, 10, F2, FF, FF, 07, ...] 
---- User IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegCreateKeyExW] [7fee15ab4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegDeleteValueW] [7fee15abbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegOpenKeyExW] [7fee15ab6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegSetValueExW] [7fee15abaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\msiexec.exe[KERNEL32.dll!GetProcAddress] [7fefd244230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CopyFileW] [7fee15aa184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!GetProcAddress] [7fefd244230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CreateFileW] [7fee15aa42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!DeleteFileW] [7fee15aa5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegOpenKeyExW] [7fee15ab6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegCreateKeyExW] [7fee15ab4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegSetValueExW] [7fee15abaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT 
C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fefd244230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!CreateFileW] [7fee15aa42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!CopyFileW] [7fee15aa184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!DeleteFileW] [7fee15aa5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!CreateFileW] [7fee15aa42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fefd244230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!SetFileSecurityW] [7fee15abcb0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegCreateKeyExW] [7fee15ab4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegSetValueExA] [7fee15aba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegOpenKeyExW] [7fee15ab6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegDeleteValueW] [7fee15abbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegDeleteKeyW] [7fee15ad12c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegSetValueExW] 
[7fee15abaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\msi.dll[KERNEL32.dll!MoveFileExW] [7fee15aa804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\msi.dll[KERNEL32.dll!SetFileAttributesW] [7fee15aabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\msi.dll[KERNEL32.dll!MoveFileW] [7fee15aa6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\msi.dll[KERNEL32.dll!DeleteFileW] [7fee15aa5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\msi.dll[KERNEL32.dll!CreateFileW] [7fee15aa42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\msi.dll[KERNEL32.dll!GetProcAddress] [7fefd244230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!CopyFileW] [7fee15aa184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileExW] [7fee15aa804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileW] [7fee15aa6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!DeleteFileW] [7fee15aa5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileW] [7fee15aa42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesW] [7fee15aabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT 
C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesA] [7fee15aab7c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fefd244230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileA] [7fee15aa2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!DeleteFileW] [7fee15aa5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!MoveFileExW] [7fee15aa804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!SetFileAttributesW] [7fee15aabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!CopyFileW] [7fee15aa184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!CreateFileW] [7fee15aa42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!GetProcAddress] [7fefd244230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\MPR.dll[KERNEL32.dll!GetProcAddress] [7fefd244230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\sfc_os.DLL[KERNEL32.dll!GetProcAddress] [7fefd244230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\USERENV.dll[KERNEL32.dll!PrivCopyFileExW] [7fee15aab04] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ 
C:\Windows\system32\USERENV.dll[KERNEL32.dll!MoveFileExW] [7fee15aa804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fefd244230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!OpenFile] [7fee15aa890] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!CreateFileW] [7fee15aa42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fefd244230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fefd244230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\COMCTL32.DLL[KERNEL32.dll!CreateFileW] [7fee15aa42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\COMCTL32.DLL[KERNEL32.dll!GetProcAddress] [7fefd244230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegDeleteValueW] [7fee15abbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegCreateKeyExW] [7fee15ab4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegSetValueExW] [7fee15abaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegOpenKeyExW] [7fee15ab6d0] 
C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!MoveFileExW] [7fee15aa804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!CreateFileW] [7fee15aa42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!SetFileAttributesW] [7fee15aabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!MoveFileW] [7fee15aa6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!DeleteFileW] [7fee15aa5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7fefd244230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7fefd244230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!_lwrite] [7fee15aaa1c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateFileW] [7fee15aa42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateFileA] [7fee15aa2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!DeleteFileW] [7fee15aa5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!CreateFileW] [7fee15aa42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT 
C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!RegCreateKeyExA] [7fee15ab3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7fefd244230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!MoveFileExW] [7fee15aa804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!RegSetValueExA] [7fee15aba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SRCLIENT.DLL[ADVAPI32.dll!RegCreateKeyExW] [7fee15ab4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SRCLIENT.DLL[ADVAPI32.dll!RegOpenKeyExW] [7fee15ab6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SRCLIENT.DLL[ADVAPI32.dll!RegSetValueExW] [7fee15abaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SPP.dll[KERNEL32.dll!CreateFileW] [7fee15aa42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SPP.dll[KERNEL32.dll!DeleteFileW] [7fee15aa5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SPP.dll[KERNEL32.dll!SetFileAttributesW] [7fee15aabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SPP.dll[KERNEL32.dll!GetProcAddress] [7fefd244230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SPP.dll[ADVAPI32.dll!RegOpenKeyExW] [7fee15ab6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ 
C:\Windows\system32\SPP.dll[ADVAPI32.dll!RegCreateKeyExW] [7fee15ab4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SPP.dll[ADVAPI32.dll!RegDeleteValueW] [7fee15abbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SPP.dll[ADVAPI32.dll!RegSetValueExW] [7fee15abaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\VSSAPI.DLL[KERNEL32.dll!DeleteFileW] [7fee15aa5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\VSSAPI.DLL[KERNEL32.dll!RegCreateKeyExW] [7fee15ab4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\VSSAPI.DLL[KERNEL32.dll!RegOpenKeyExW] [7fee15ab6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\VSSAPI.DLL[KERNEL32.dll!RegDeleteValueW] [7fee15abbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\VSSAPI.DLL[KERNEL32.dll!RegSetValueExW] [7fee15abaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\VSSAPI.DLL[KERNEL32.dll!CopyFileExW] [7fee15aa260] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\ATL.DLL[KERNEL32.dll!GetProcAddress] [7fefd244230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\ATL.DLL[KERNEL32.dll!CreateFileW] [7fee15aa42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\VssTrace.DLL[KERNEL32.dll!RegOpenKeyExW] [7fee15ab6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\srvcli.dll[KERNEL32.dll!GetProcAddress] [7fefd244230] 
C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!GetProcAddress] [7fefd244230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!_lcreat] [7fee15aa9a0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!_lopen] [7fee15aa924] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!_lwrite] [7fee15aaa1c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!DeleteFileA] [7fee15aa580] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!GetProcAddress] [7fefd244230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!CreateFileW] [7fee15aa42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!DeleteFileW] [7fee15aa5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!MoveFileW] [7fee15aa6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\ncrypt.dll[KERNEL32.dll!DeleteFileW] [7fee15aa5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\ncrypt.dll[KERNEL32.dll!CreateFileW] [7fee15aa42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\ncrypt.dll[KERNEL32.dll!MoveFileExW] [7fee15aa804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ 
C:\Windows\system32\bcrypt.dll[KERNEL32.dll!GetProcAddress] [7fefd244230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!MoveFileExW] [7fee15aa804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CopyFileW] [7fee15aa184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CreateFileA] [7fee15aa2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegSetValueExW] [7fee15abaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegDeleteValueW] [7fee15abbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegCreateKeyExW] [7fee15ab4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegOpenKeyExW] [7fee15ab6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [7fefd244230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!MoveFileW] [7fee15aa6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!DeleteFileW] [7fee15aa5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!SetFileAttributesW] [7fee15aabe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CreateFileW] 
[7fee15aa42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegCreateKeyExW] [7fee15ab4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegOpenKeyExW] [7fee15ab6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegSetValueExW] [7fee15abaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegDeleteValueW] [7fee15abbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress] [7fefd244230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\DEVRTL.dll[KERNEL32.dll!MoveFileW] [7fee15aa6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\DEVRTL.dll[KERNEL32.dll!MoveFileExW] [7fee15aa804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\LINKINFO.dll[KERNEL32.dll!GetProcAddress] [7fefd244230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!RegDeleteValueA] [7fee15abb44] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!RegSetValueExA] [7fee15aba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!GetProcAddress] [7fefd244230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!DeleteFileW] [7fee15aa5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT 
C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!CreateFileW] [7fee15aa42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!RegOpenKeyExA] [7fee15ab60c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!RegDeleteValueW] [7fee15abbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!RegSetValueExW] [7fee15abaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\ntmarta.dll[ADVAPI32.dll!RegSetValueExW] [7fee15abaa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\ntmarta.dll[ADVAPI32.dll!RegCreateKeyExW] [7fee15ab4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\ntmarta.dll[ADVAPI32.dll!RegOpenKeyExW] [7fee15ab6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!CreateFileW] [7fee15aa42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!GetProcAddress] [7fefd244230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[10940] @ C:\Windows\system32\WLDAP32.dll[KERNEL32.dll!GetProcAddress] [7fefd244230] C:\Windows\system32\apphelp.dll ---- Processes - GMER 2.2 ---- Library C:\Windows\system32\cmdcsr.dll (*** suspicious ***) @ C:\Windows\system32\csrss.exe [564] 000007fefd4b0000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [664] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [664] 000007fefd370000 
Library C:\Windows\system32\cmdcsr.dll (*** suspicious ***) @ C:\Windows\system32\csrss.exe [676] 000007fefd4b0000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [724] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [724] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [724] 000007fefd370000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [740] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [740] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [740] 000007fefd370000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Windows\system32\lsm.exe [748] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Windows\system32\lsm.exe [748] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Windows\system32\lsm.exe [748] 000007fefd370000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [836] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [836] 000007fefd370000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [888] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [888] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [888] 000007fefd370000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [980] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** 
suspicious ***) @ C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [980] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [980] 000007fefd370000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [168] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [168] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [168] 000007fefd370000 Library C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [592] 000000013ff70000 Library C:\Program Files\COMODO\COMODO Internet Security\cmdres.DLL (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [592] 000007fefb9a0000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [592] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [592] 000007fefd370000 Library C:\Program Files\COMODO\COMODO Internet Security\cmdfile.dll (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [592] 000007fef98a0000 Library C:\Program Files\COMODO\COMODO Internet Security\cmdscope.dll (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [592] 000007fef9550000 Library C:\Program Files\COMODO\COMODO Internet Security\cmdurlflt.dll (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [592] 000007fef93a0000 Library C:\Program Files\COMODO\COMODO Internet Security\cmdcmc.dll (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [592] 
000007fef9280000 Library C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [592] 000007fef4e10000 Library C:\Program Files\COMODO\COMODO Internet Security\cmdlogs.dll (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [592] 000007fee5850000 Library C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [592] 000007fee5800000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [808] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [808] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [808] 000007fefd370000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1108] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1108] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1108] 000007fefd370000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [1156] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [1156] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [1156] 000007fefd370000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [1192] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [1192] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** 
suspicious ***) @ C:\Windows\System32\svchost.exe [1192] 000007fefd370000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1228] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1228] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1228] 000007fefd370000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1272] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1272] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1272] 000007fefd370000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1436] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1436] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1436] 000007fefd370000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1656] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1656] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1656] 000007fefd370000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1700] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1700] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1700] 000007fefd370000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Windows\system32\taskhost.exe [1800] 
000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Windows\system32\taskhost.exe [1800] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Windows\system32\taskhost.exe [1800] 000007fefd370000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Windows\system32\Dwm.exe [1912] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Windows\system32\Dwm.exe [1912] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Windows\system32\Dwm.exe [1912] 000007fefd370000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2020] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2020] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2020] 000007fefd370000 Library C:\Windows\SysWOW64\guard32.dll (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [1376] 0000000074f90000 Library C:\Windows\syswow64\IseGuard32.dll (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [1376] 0000000074f20000 Library C:\Windows\syswow64\cssguard32.dll (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [1376] 0000000074ec0000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [2088] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [2088] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [2088] 000007fefd370000 Library C:\Windows\SysWOW64\guard32.dll (*** suspicious ***) @ C:\Program Files (x86)\Comarch\Comarch ERP Menadżer Kluczy\ComarchML.exe [2160] 0000000074f90000 Library C:\Windows\syswow64\IseGuard32.dll (*** suspicious ***) @ 
C:\Program Files (x86)\Comarch\Comarch ERP Menadżer Kluczy\ComarchML.exe [2160] 0000000074f20000 Library C:\Windows\syswow64\cssguard32.dll (*** suspicious ***) @ C:\Program Files (x86)\Comarch\Comarch ERP Menadżer Kluczy\ComarchML.exe [2160] 0000000074ec0000 Library C:\Windows\SysWOW64\guard32.dll (*** suspicious ***) @ C:\Program Files (x86)\Comarch\Comarch ERP Menadżer Kluczy\ComarchMLTray.exe [2404] 0000000074f90000 Library C:\Windows\syswow64\IseGuard32.dll (*** suspicious ***) @ C:\Program Files (x86)\Comarch\Comarch ERP Menadżer Kluczy\ComarchMLTray.exe [2404] 0000000074f20000 Library C:\Windows\syswow64\cssguard32.dll (*** suspicious ***) @ C:\Program Files (x86)\Comarch\Comarch ERP Menadżer Kluczy\ComarchMLTray.exe [2404] 0000000074ec0000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Program Files\CCleaner\CCleaner64.exe [2428] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Program Files\CCleaner\CCleaner64.exe [2428] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Program Files\CCleaner\CCleaner64.exe [2428] 000007fefd370000 Library C:\Windows\SysWOW64\guard32.dll (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2532] 0000000074f90000 Library C:\Windows\syswow64\IseGuard32.dll (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2532] 0000000074f20000 Library C:\Windows\syswow64\cssguard32.dll (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2532] 0000000074ec0000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [2896] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [2896] 000007fefd3f0000 Library 
C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [2896] 000007fefd370000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Program Files\Intel\iCLS Client\HeciServer.exe [2256] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Program Files\Intel\iCLS Client\HeciServer.exe [2256] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Program Files\Intel\iCLS Client\HeciServer.exe [2256] 000007fefd370000 Library C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe (*** suspicious ***) @ C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [2308] 00000000013a0000 Library C:\Windows\SysWOW64\guard32.dll (*** suspicious ***) @ C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [2308] 0000000074f90000 Library C:\Windows\syswow64\IseGuard32.dll (*** suspicious ***) @ C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [2308] 0000000074f20000 Library C:\Windows\syswow64\cssguard32.dll (*** suspicious ***) @ C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [2308] 0000000074ec0000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [3108] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [3108] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [3108] 000007fefd370000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [3188] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [3188] 000007fefd3f0000 Library 
C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [3188] 000007fefd370000 Library C:\Windows\SysWOW64\guard32.dll (*** suspicious ***) @ C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [3236] 0000000074f90000 Library C:\Windows\syswow64\IseGuard32.dll (*** suspicious ***) @ C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [3236] 0000000074f20000 Library C:\Windows\syswow64\cssguard32.dll (*** suspicious ***) @ C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [3236] 0000000074ec0000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe [3340] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe [3340] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe [3340] 000007fefd370000 Library C:\Windows\SysWOW64\guard32.dll (*** suspicious ***) @ C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [3488] 0000000074f90000 Library C:\Windows\syswow64\IseGuard32.dll (*** suspicious ***) @ C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [3488] 0000000074f20000 Library C:\Windows\syswow64\cssguard32.dll (*** suspicious ***) @ C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [3488] 0000000074ec0000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [3752] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [3752] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [3752] 
000007fefd370000 Library C:\Windows\SysWOW64\guard32.dll (*** suspicious ***) @ C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe [3912] 0000000074f90000 Library C:\Windows\syswow64\IseGuard32.dll (*** suspicious ***) @ C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe [3912] 0000000074f20000 Library C:\Windows\syswow64\cssguard32.dll (*** suspicious ***) @ C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe [3912] 0000000074ec0000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Windows\system32\conhost.exe [3940] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Windows\system32\conhost.exe [3940] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Windows\system32\conhost.exe [3940] 000007fefd370000 Library C:\Windows\SysWOW64\guard32.dll (*** suspicious ***) @ C:\Windows\system32\PnkBstrA.exe [4960] 0000000074f90000 Library C:\Windows\syswow64\IseGuard32.dll (*** suspicious ***) @ C:\Windows\system32\PnkBstrA.exe [4960] 0000000074f20000 Library C:\Windows\syswow64\cssguard32.dll (*** suspicious ***) @ C:\Windows\system32\PnkBstrA.exe [4960] 0000000074ec0000 Library C:\Windows\SysWOW64\guard32.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [4996] 0000000074f90000 Library C:\Windows\syswow64\IseGuard32.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [4996] 0000000074f20000 Library C:\Windows\syswow64\cssguard32.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [4996] 0000000074ec0000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [5028] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [5028] 
000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [5028] 000007fefd370000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [5104] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [5104] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [5104] 000007fefd370000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [3196] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [3196] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [3196] 000007fefd370000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Windows\system32\wbem\wmiprvse.exe [5168] 000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Windows\system32\wbem\wmiprvse.exe [5168] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Windows\system32\wbem\wmiprvse.exe [5168] 000007fefd370000 Library C:\Windows\SysWOW64\guard32.dll (*** suspicious ***) @ C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [7060] 0000000074f90000 Library C:\Windows\syswow64\IseGuard32.dll (*** suspicious ***) @ C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [7060] 0000000074f20000 Library C:\Windows\syswow64\cssguard32.dll (*** suspicious ***) @ C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [7060] 0000000074ec0000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Windows\system32\SearchIndexer.exe [7588] 000007fefd110000 Library C:\Windows\system32\guard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [7704] 
000007fefd110000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [7704] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [7704] 000007fefd370000 Library C:\Windows\SysWOW64\guard32.dll (*** suspicious ***) @ C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [1076] 0000000074f90000 Library C:\Windows\syswow64\IseGuard32.dll (*** suspicious ***) @ C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [1076] 0000000074f20000 Library C:\Windows\syswow64\cssguard32.dll (*** suspicious ***) @ C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [1076] 0000000074ec0000 Library C:\Windows\SysWOW64\guard32.dll (*** suspicious ***) @ C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe [8208] 0000000074f90000 Library C:\Windows\syswow64\IseGuard32.dll (*** suspicious ***) @ C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe [8208] 0000000074f20000 Library C:\Windows\syswow64\cssguard32.dll (*** suspicious ***) @ C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe [8208] 0000000074ec0000 Library C:\Windows\SysWOW64\guard32.dll (*** suspicious ***) @ C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe [8216] 0000000074f90000 Library C:\Windows\syswow64\IseGuard32.dll (*** suspicious ***) @ C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe [8216] 0000000074f20000 Library C:\Windows\syswow64\cssguard32.dll (*** suspicious ***) @ C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe [8216] 0000000074ec0000 Library C:\Windows\SysWOW64\guard32.dll (*** suspicious ***) @ C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe [8224] 0000000074f90000 Library C:\Windows\syswow64\IseGuard32.dll (*** suspicious ***) @ C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe [8224] 0000000074f20000 Library C:\Windows\syswow64\cssguard32.dll (*** suspicious ***) @ C:\Program Files (x86)\GalaxyClient\GalaxyClient 
Helper.exe [8224] 0000000074ec0000 Library C:\Windows\SysWOW64\guard32.dll (*** suspicious ***) @ C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [3320] 0000000074f90000 Library C:\Windows\syswow64\IseGuard32.dll (*** suspicious ***) @ C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [3320] 0000000074f20000 Library C:\Windows\syswow64\cssguard32.dll (*** suspicious ***) @ C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [3320] 0000000074ec0000 Library C:\Windows\SysWOW64\guard32.dll (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [1628] 0000000074f90000 Library C:\Windows\syswow64\IseGuard32.dll (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [1628] 0000000074f20000 Library C:\Windows\syswow64\cssguard32.dll (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [1628] 0000000074ec0000 Library C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe [6556] 000000013fe10000 Library C:\Windows\system32\IseGuard64.dll (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe [6556] 000007fefd3f0000 Library C:\Windows\system32\cssguard64.dll (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe [6556] 000007fefd370000 Library C:\Program Files\COMODO\COMODO Internet Security\Framework.dll (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe [6556] 000007fee5820000 Library C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe [6556] 000007fee5800000 Library C:\Program Files\COMODO\COMODO Internet Security\platform.dll (*** suspicious ***) @ C:\Program 
Files\COMODO\COMODO Internet Security\cavwp.exe [6556] 000007fee57c0000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\common.cav (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe [6556] 000007fee5780000 Library C:\Program Files\COMODO\COMODO Internet Security\signmgr.dll (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe [6556] 000007fee5650000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\fileid.cav (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe [6556] 000007fef6540000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\pkann.dll (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe [6556] 000007fef64e0000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\mach32.dll (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe [6556] 000007fee4d30000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\dosmz.cav (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe [6556] 000007fef64c0000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\pe32.cav (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe [6556] 000007fee4d10000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\pe.cav (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe [6556] 000007fee4cd0000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\script.cav (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe [6556] 000007fee4c80000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\heur.cav (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe [6556] 000007fee4c50000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\white.cav (*** suspicious ***) @ C:\Program 
Files\COMODO\COMODO Internet Security\cavwp.exe [6556] 000007fee4c30000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\mem.cav (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe [6556] 000007fee4c10000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\unpack.cav (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe [6556] 000007fee4ae0000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\dunpack.cav (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe [6556] 000007fee4a90000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\unarch.cav (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe [6556] 000007fee49e0000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\gunpack.cav (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe [6556] 000007fee49c0000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\extra.cav (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe [6556] 000007fee4980000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\scrtemu.cav (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe [6556] 000007fee48c0000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav (*** suspicious ***) @ C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe [6556] 000007fee48a0000 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\ControlSet002\services\CmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\CmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\CmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... ---- EOF - GMER 2.2 ----